Security Policies

The Satori Security Policy consolidates and centralizes rules for enforcing when users query data. A single security policy can include rules for various policy types, such as dynamic masking and row-level security, and can be reused by different datasets and user access rules.

Satori Security Engine

The Satori security engine provides two mechanisms for protecting an organization's data:

  1. Dynamic Masking - The dynamic masking mechanism of the security policy manipulates sensitive data before it is returned to users, based on the user's authorization context, to make it less sensitive. For example, it can replace all digits of a credit card number except the last four. The manipulation occurs at query time without altering the data in the data store, providing flexibility to enforce different security policies for different users or use cases.

  2. Row-Level Security - The row-level security mechanism in a security policy restricts query results based on the user's authorization context. For example, it can return only the rows of customers within a specific jurisdiction. This filtering occurs at query time without modifying the data in the data store, allowing flexible enforcement of different security policies for various use cases.
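
The following is an added conceptual sketch of the two mechanisms, not Satori's implementation or API: one policy object carries both rule types and is applied to a copy of the result set at query time. The policy layout, the user and group names, and the choice to return no rows for an unlisted user are assumptions made for illustration; the rows are constructed sample data.

```python
import copy

# Constructed sample rows standing in for a table in the data store.
CUSTOMERS = [
    {"name": "Ana", "jurisdiction": "EU", "card": "4111 1111 1111 1111"},
    {"name": "Bo", "jurisdiction": "US", "card": "5500-0000-0000-0004"},
    {"name": "Cy", "jurisdiction": "EU", "card": "4000 0000 0000 0002"},
]

def mask_card(value):
    """Replace every digit except the last four, keeping separators."""
    total = sum(ch.isdigit() for ch in value)
    seen = 0
    out = []
    for ch in value:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > total - 4 else "X")
        else:
            out.append(ch)
    return "".join(out)

# Hypothetical policy layout (an assumption, not Satori's format):
# one reusable object holding both rule types.
POLICY = {
    "masking": {"card": mask_card},        # column -> masking function
    "unmasked_groups": {"fraud-team"},     # groups that see clear values
    "row_filter": {                        # filter column + allowed values per user
        "column": "jurisdiction",
        "allowed": {"alice": {"EU"}, "bob": {"US", "EU"}},
    },
}

def query(rows, user, groups, policy):
    """Apply row-level security, then masking, to a copy of the result set."""
    rls = policy["row_filter"]
    # Assumption: a user with no filter entry gets no rows (fail closed).
    allowed = rls["allowed"].get(user, set())
    visible = [copy.copy(r) for r in rows if r[rls["column"]] in allowed]
    if not (set(groups) & policy["unmasked_groups"]):
        for row in visible:
            for col, fn in policy["masking"].items():
                row[col] = fn(row[col])
    return visible  # the stored rows are never modified
```

The same stored rows yield different results per caller: a restricted user sees only permitted rows with masked card numbers, while the underlying data stays unchanged.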

Enforcing Security Policies

To enforce security policies, adhere to the following high-level steps:

  1. Create a security policy with either dynamic masking or row-level security rules
  2. Implement the policy on a dataset

Step 1: Creating a Security Policy

Security policies are managed in the Security Policies view, located in the navigation menu of the management console. Security Policies are presented as tiles, each showing a list of associated datasets enforced by the policy, along with the number of active users and queries over the past seven days.

To create a new security policy, perform the following steps:

  1. Select the Security Policies view from the navigation menu in Satori.
  2. Click on the plus button and name your new security policy.

Creating Dynamic Masking Rules

To create a dynamic masking rule, perform the following steps:

  1. Click the Dynamic Masking tab in the Security Policy.
  2. Select a masking profile from the drop-down menu.

For more information on how to configure dynamic masking rules, read the chapter on Dynamic Masking.

Creating Row-Level Security Rules

To create a row-level security rule, perform the following steps:

  1. Click the Row-Level Security tab and select Start.
  2. Choose the data store from the dropdown menu.
  3. Select the table and column to filter by in the Field Location field.
  4. Define the allowed column values for each user in the Filters section.

For more information on how to configure the Row-Level Security rules, read the chapter on Row-Level Security.

Step 2: Implementing the Policy in a Dataset

Security policies are reusable objects that can be applied to multiple datasets. To enforce a security policy when users query data, select it within a user access rule for one of your datasets. This can be done in one of two ways:

  1. Default Security Policy of a Dataset – You can assign one or more security policies as the default for a dataset. These policies will be applied to security rules that do not specify a particular security policy.
  2. Access Rules with Specific Policies – You can select one or more security policies to enforce when defining an access rule.

Assigning a Default Security Policy to a Dataset

To assign a default security policy to a dataset, perform the following steps:

  1. Click the Security Policies tab.
  2. Select one or more policies from the drop-down menu.
  3. Click Save.
