Before you begin

1. 1User administration tasks
Assign one or more users to the Data Access Owner and Stakeholder roles in Metadata Command Center.
For more information about the Data Access Owner role, see Data Access Owner role.
You can create custom roles that incorporate the permissions that the Data Access Owner and Stakeholder roles enable.
For more information about creating a custom role, see User roles.
2. 2Data catalog tasks
1. aCreate terms of use in Data Marketplace to use with both Data Marketplace and Data Integration data access policy enforcement methods. Terms of use provide usage requirements and guidelines that a user must accept before they can use data.
For more information about creating terms of use, see Creating new terms of use.
2. bOptionally, build a glossary and assign terms to technical assets in Data Governance and Catalog.
For more information about building glossaries, see Enrich technical assets.
3. cCreate, configure, and scan catalog sources in Metadata Command Center.
For more information about creating a catalog source, see Creating a catalog source.
4. dVerify that the technical assets from scanned catalog sources have correctly assigned data classifications in Data Governance and Catalog.
For more information about scanning technical assets, see Importing assets.
3. 3Data access policy enforcement configuration tasks
• - To enable Data Marketplace to enforce data filter policies and data de-identification policies, configure the Data Access Management Proxy Secure Agent service.
Note: Ensure that you set the userWithConnectionPrivileges configuration property on the service.
For more information about the Data Access Management Proxy Secure Agent service, see Secure Agent Services.
For more information about creating orders in Data Marketplace, see Ordering data collections.
• - To enable your cloud data platform to natively enforce data access control policies, do the following:
• ▪ Configure the Data Access Management Agent Secure Agent service.
Note: Ensure that you set the userWithConnectionPrivileges configuration property on the service.
For more information about the Data Access Management Agent Secure Agent service, see Secure Agent Services.
• ▪ Configure your cloud data platform to allow Data Access Management to apply grants to the technical assets that users specify.
For more information, see Data access control policy prerequisites.
• ▪ Connect cloud data platform sources in Administrator.
For more information about cloud data platform source-specific connections, see Connectors and connections.
• ▪ Create and configure your cloud data platform sources in Metadata Command Center. Metadata Command Center scans and classifies the sources during this process.
For cloud data platform source-specific configuration details, see Creating a catalog source help or the Databricks sources help in Metadata Command Center.
• ▪ Validate that imported technical assets from scanned catalog sources are in the catalog and that data classifications are correctly assigned for your cloud data platform in Data Governance and Catalog.
For more information about importing technical assets, see Introduction and Getting Started.
Understand how Data Access Management maps permissions from within data access control policies to cloud data platforms.
To learn how Data Access Management maps permissions, see Data access control policy permission mappings.
4. 4Create data access policies.
For more information about creating data access policies, see Creating data access policies.
5. 5Enforce data access policies.
• - To have Data Integration enforce data filter policies and data de-identification policies, configure a mapping that includes an Access Policy transformation.
For more information about Access Policy transformations, see Access Policy transformation.
• - To enable Data Marketplace to enforce data filter policies and data de-identification policies, place an order with the Managed Access setting turned on in Data Marketplace.
For more information about placing orders, see Ordering data collections.
• - To enable your cloud data platform to enforce data access control policies, follow the steps in step 3. Data Access Management automatically pushes data access control policies to your platform.
In Metadata Command Center, you can monitor the pushdown of data access control policies to your cloud data platform.
For more information about monitoring the pushdown of data access control policies in Metadata Command Center, see Monitor data access synchronization jobs.