Before you begin

Before you can use the features on the Data Access Management page, you assign user permissions, perform catalog tasks, and configure Secure Agent services.

Complete the following tasks:

1User administration tasks

In Metadata Command Center, assign one or more users to the Data Access Owner and Stakeholder roles.

For more information about the Data Access Owner role, see Data Access Owner role.

You can create custom roles that incorporate the permissions that the Data Access Owner and Stakeholder roles enable.

For more information about creating a custom role, see User roles.

2Data catalog tasks

aIn Data Marketplace, create terms of use to use with both Data Marketplace and Data Integration data access policy enforcement methods. Terms of use provide usage requirements and guidelines that a user must accept before they can use data.

For more information about creating terms of use, see Creating new terms of use.

bOptionally, build a glossary and assign terms to technical assets in Data Governance and Catalog.

For more information about building glossaries, see Enrich technical assets.

cIn Metadata Command Center, create, configure, and scan catalog sources.

For more information about creating a catalog source, see Creating a catalog source.

dIn Data Governance and Catalog, verify that the technical assets from scanned catalog sources have correctly assigned data classifications.

For more information about scanning technical assets, see Importing assets.

3Data access policy enforcement configuration tasks

- To enable Data Marketplace to enforce data filter policies and data de-identification policies, configure the Data Access Management Proxy Secure Agent service.

Note: The Data Access Management Agent and Proxy services will not start without valid values for the usernameWithConnectionPrivileges and userWithConnectionPrivileges properties.

For more information about the Data Access Management Proxy Secure Agent service, see Secure Agent Services.

For more information about creating orders in Data Marketplace, see Ordering data collections.

- To enable your cloud data platform to natively enforce data access control policies, perform the following steps:

▪ Configure the Data Access Management Agent Secure Agent service.

Note: The Data Access Management Agent and Proxy services will not start without valid values for the usernameWithConnectionPrivileges and userWithConnectionPrivileges properties.

For more information about the Data Access Management Agent Secure Agent service, see Secure Agent Services.

▪ Configure your cloud data platform to allow Data Access Management to apply grants to the technical assets that users specify.

For more information, see Prerequisites for pushdown enforcement.

▪ In Administrator, connect cloud data platform sources.

For more information about cloud data platform source-specific connections, see Connectors and connections.

▪ In Metadata Command Center, create and configure your cloud data platform sources. Metadata Command Center scans and classifies the sources during this process.

For cloud data platform source-specific configuration details, see Creating a catalog source help or the Databricks sources help in Metadata Command Center.

▪ In Data Governance and Catalog, validate that imported technical assets from scanned catalog sources are in the catalog and that data classifications are correctly assigned for your cloud data platform.

For more information about importing technical assets, see Introduction and Getting Started.

Understand how Data Access Management maps permissions from within data access control policies to cloud data platforms. To learn how Data Access Management maps permissions, see Data access control policy permission mappings.

4Configure a workflow event.

For more information about configuring a workflow event, see Configuring a workflow event.

5Create data access policies.

For more information about creating data access policies, see Creating data access policies.

6Enforce data access policies.

- To have Data Integration enforce data filter policies and data de-identification policies, configure a mapping that includes an Access Policy transformation.

For more information about Access Policy transformations, see Access Policy transformation.

- To enable Data Marketplace to enforce data filter policies and data de-identification policies, place an order with the Managed Access setting turned on in Data Marketplace.

For more information about placing orders, see Ordering data collections.

- To enable your cloud data platform to enforce data access control policies, follow the steps in Data access policy enforcement configuration tasks. Data Access Management automatically pushes data access control policies to your platform.

In Metadata Command Center, you can monitor the pushdown of data access control policies to your cloud data platform.

For more information about monitoring the pushdown of data access control policies in Metadata Command Center, see Monitor data access synchronization jobs.