In the context of data engineering, Data Access is a generic term used to refer to general practices involving the access and management of activities related to reading, copying, or modifying data stored in a database. These databases can be either cloud data warehouses, data lakes, or local on-premise databases.
Data access can be set at different levels, allowing different users to have different roles and act in a particular manner in a database. The term “act” is used as users in a database can take actions on the data like reading, copying, and modifying, as it was mentioned above. The roles given depend on the resource type but generally involve users with administrative rights within a specific context that can authorize actions to other users. For example, administrative users can create new users with limited permissions to act in a particular database or portion of the data. In the same way, certain levels of administrative users can grant administrative permissions to other users.
Regulations of general Data Governance practices force most organizations to enforce specific policies of data access. These policies frequently involve giving administrative rights according to the functional role of the users and the particular data repository. The practices applied also depend on the nature of the data. Certain departments within a company will have different access permissions over different sets of data. Also, the specific policy applied will depend on data sensitivity and might require additional treatment like encryption, row-level security, or data masking.
Modern data repositories like data lakes may provide fine-grained IAM policies that define clear roles and give the user several levels of permissions to each of the resources. In data warehouses, the data access policy can be applied by using user management policies, security policies enforced through Row-Level-Security measures, or by encrypting portions of data to be seen only by a subset of users with the use of Column-Level-Security.
Efficient data governance programs within companies and organizations should define a clear set of policies according to the nature of the data and each user’s role to ensure the proper use of the data and minimize possible security and legal risks. Moreover, regulations on the use and management of user data require specific Data Access policies to be applied, depending on the nature of the data and business activity.
Read our full guide to data access here.
Simplified Data Access With Satori
Satori helps apply security policies (such as RBAC and ABAC) at scale and across all data platforms, including data warehouses and databases.