Data Access Management > Introduction to Data Access Management > Data access policy enforcement methods
  

Data access policy enforcement methods

Data Access Management works with other Informatica services to protect data and provide access to it. As a Data Steward, it's important that you know where enforcement occurs for each type of data access policy that you create in Data Access Management.
The data access control policies you create are enforced in the following contexts:
In all cases, to see the data, you need to use appropriate tools relevant to that source system.
The following image shows how policies that you create in Data Access Management protect data:
Data Stewards define data protections, create policies and rules, and approve them. Data Integration Developers create mappings and deliver protected data. Data Marketplace users shop, order, and accesses protected data. Data Users query and access data in a source system.
When you use Data Integration to build a data pipeline, you can connect an Access Policy transformation to the mapping. The Access Policy transformation applies data filter policies and data de-identification policies created in Data Access Management according to the properties of the Access Policy transformation.
In Data Marketplace, when you enable the Managed Access setting to place an order, Data Marketplace enforces data filter policies and data de-identification policies created in Data Access Management according to the usage specified in the Data Marketplace order.
For more information about placing orders, see Ordering data collections.
For more information about Access Policy transformations, see Access Policy transformation.
The following table lists the enforcement environments for each type of data access policy:
Data Access Policy Type
Enforcement Environment
data filter policy
Enforceable in Data Integration and Data Ingestion and Replication through Access Policy transformations and in Data Marketplace when you order a data collection.
Enforceable in your source system after policy pushdown from Data Access Management.
You can enforce data filter policies in the following source systems:
  • - Amazon Redshift
  • - Databricks
  • - Microsoft Fabric Data Warehouse
  • - Microsoft Power BI
  • - Snowflake
data de-identification policy
Enforceable in Data Integration and Data Ingestion and Replication through Access Policy transformations and in Data Marketplace when you order a data collection.
data access control policy
Enforceable in your source system after policy pushdown from Data Access Management.
You can enforce data access control policies in the following source systems:
  • - Amazon Redshift
  • - Amazon S3
  • - Databricks
  • - Google BigQuery
  • - Microsoft Fabric Data lakehouse
  • - Microsoft Fabric Data Warehouse
  • - Microsoft Power BI
  • - Snowflake
  • - Tableau
For more information about configuring these source systems for use with data access control policies, see Prerequisites for pushdown enforcement.