Getting Started with Satori DataSecOps
Welcome to the Satori DataSecOps platform. Satori DataSecOps helps data driven organizations streamline data access by automating access controls, security and compliance across their data infrastructure.
At its core, Satori is a universal data access service that monitors, classifies and controls access to sensitive data, live.
Setting Up Your First Data Store Connection
The first step, is to setup and connect Satori to your data store. A data store is a repository for persistently managing and storing data. A data store can contain multiple databases and collections of data in a single location.
Connecting your data store to Satori is a simple and straight forward task. The first thing that you need to do is select the data store type that you want to connect to Satori. Satori supports the following data stores.
Adding a Data Store to Satori
Perform the following steps to add your first data store to Satori:
- Go to Satori, select the Data Store view and click the ADD button.
- Now select the data store of your choice.
- Provide your new data store with a name.
- Enter the data stores hostname.
- Select the cloud provider.
- Select the region. (Ensure to select a region that is located close to where your data store is deployed to reduce latency).
- Click the CREATE button.
Test Your Data Store Connection
Now that you have added a data store to Satori, it's now time to test the connection.
To test that Satori and your data store are connected perform the following steps:
- Login to your data store.
- Run a query on the data store.
- Go to the Audit Log view in Satori, click the Refresh button and view the results in the Dashboard.
- Then, go to the Data Inventory and see how Satori displays your data repository.
Creating Your First Dataset
Now that you have added and tested your data store to the Satori environment, it's time to setup your first dataset. A dataset is a collection of data store objects such as tables or schemas from one or more data stores, that you wish to govern access to as a single unit.
For example, a set of tables in a Snowflake account which contain private customer information such as name, address and purchase history can be represented in Satori as a Customer Data dataset"
Define and Configure the Dataset
To add a dataset to Satori perform the following steps:
- To create your first dataset, go to the Dataset view and click the ADD button.
- Name your dataset and provide a brief description.
- Select the relevant locations that you want to add to your dataset, these may include: tables, schemas or databases.
- Optionally, assign one or more data stewards to the dataset. (The data stewards job is to provide oversight and governance for the dataset).
- Click the SAVE button.
Adding your First Group to Satori
Satori provides you with a central location for creating and maintaining your user groups directory for simple data access management.
To create a new user group in Satori perform the following steps:
- Go to the User Directory view.
- Click the ADD Group button.
- Provide a name for your new group.
- Enter a description for your new user group.
- Enter the new members name.
- Select the user type from the drop menu list.
- Click the Add Member button.
In addition to defining user access permissions to your dataset you can also open the dataset to user access requests and self-service access at the flip of a switch.
Create a New User Access Rule
User access rules help you govern who has permission to access your dataset. Permissions to access datasets are defined for individual users or groups and can be limited to a predefined time range.
In addition, Satori can automatically revoke permissions if they are unused. This helps organizations avoid excess and unused permissions.
To add a new user access rule to your dataset, perform the following steps:
- Click the User Access Rules tab in the dataset view and click the ADD button.
- Grant access to an individual or a group by choosing one of the available options from the drop menu list.
- Choose the user access level permissions from the available drop menu options.
- Now define the access expiration timeframe (Expiration dates for access help you to monitor and keep track of who exactly can enter a specific dataset).
- Finally, select the Security Policy enforcement method to default policy.
Create your First Masking Profile
The Satori masking profile enables you to create reusable masking configuration profiles, add them to a security policy and apply them to multiple datasets.
Masking profiles allow organizations to mask query responses for their users to avoid exposing sensitive information.
To configure a new masking profile, perform the following steps:
- Go to the Masking Profile view in Satori.
- Select a masking profile template from the template gallery and click the CREATE PROFILE button.
- Update the name and description of the masking profile.
- Adjust the data transformations to suite your requirements and then SAVE the profile.
Configure a Security Policy and Assign it to a Dataset
The Satori Security Policy is a reusable container that can be configured to contain multiple sets of dynamic masking configurations with their corresponding masking profiles and data filtering configurations.
A Security Policy can be applied to an individual dataset or multiple datasets.
Creating your First Security Policy
To create a new security policy, perform the following steps:
- Go to the Security Policies view.
- Click the plus button to create a new security policy.
- Set a name for your security policy and configure a Dynamic Masking rule.
- Define which users can view the masked data.
- Assign the masking profile you created previously to the new dynamic masking rule.
- Create a data filter to restrict the records returned based on the authorization context of the user.
- Save the security policy.
Adding you First Security Policy to a Dataset
- Go to the Dataset view.
- Click the Security Policy tab.
- Assign the security policy to a single or multiple datasets.
Ensure that Satori Access to your Dataset.
- Click the User Access Rules tab.
- Ensure that the Give Satori access to the Dataset toggle switch is turned on.
- MAKE SURE THAT THIS TOGGLE SWITCH IS TURN ON
Testing the Security Policy on your Data Store
- Go to your data store and run a query.
- View the results table in your data store and verify that the security policy has been correctly implemented on the data.
- View the results as can be seen in the data preview example screenshot.
Learn More About Satori Data DataSecOps
To learn more about Satori DataSecOps click the Introduction to Satori NEXT button below, or scroll to the top of this page and select the relevant topic that you are interested in learning more about.