Overview of Privacera on AWS

This document covers the features of the Privacera Access Management solution in an AWS environment. It walks the reader through the components within Privacera and how each maps to the supported features.

Note: The AWS IAM best practices resource suggests ways to optimize your implementation of AWS Identity and Access Management.

Privacera Components#

Privacera provides solutions with the following features:

  • Fine-grained Access Management: Privacera leverages Apache Ranger to provide column- and row-level access control.

  • Automated Discovery and Classification: Privacera automatically profiles structured and unstructured data and builds metadata.

  • Encryption and Masking: Privacera uses format-preserving and other encryption techniques to anonymize data at rest and in motion.

  • Monitoring of User Access: Privacera analyzes user access history to detect whether sensitive data is uploaded, moved out, or accessed inappropriately.

Privacera Portal#

Privacera Portal is the primary user interface for Privacera Cloud Access Management. The features below can be accessed through the Launch Pad menu.

  • AWS Console: You can log in directly to your AWS Console through this menu item; it uses a preset role.

  • Privacera Token: You can manage your Privacera tokens for access management.

  • AWS CLI: You can access the AWS CLI using a generated Privacera token.

Privacera Access Manager#

Privacera Access Manager builds on Apache Ranger (see Privacera Components above) for policy management and access control. It provides a robust policy management layer that uses plugins and policy sync to control access to data. Key benefits:

  1. Single pane of glass for all access policies.

  2. Performance and scalability for the Cloud.

  3. Column- and record-level security for Databricks, AWS services, Presto, and Kafka.

    | Application | Current State | Privacera Solution | Policy Enforcement Point |
    |---|---|---|---|
    | PrestoDB | PrestoDB Authorization | Ranger - Column Level | Plug-In |
    | EMR - Hive | SQL StdAuthorization | Ranger - Column Level, Dynamic Column Masking, Dynamic Column Encryption/Decryption, Dynamic Row Level Filtering | |
    | EMR - Spark | IAM Policies (Bucket level) | Ranger - File/Object Level | Data Access Server |
    | Databricks | Databricks Access Control and S3 IAM policies | Ranger - Column Level, File Level, Dynamic Column Masking, Dynamic Column Encryption/Decryption, Dynamic Row Level Filtering | |
    | AWS S3 | IAM Policies (Bucket level) | Ranger - File Level | Data Access Server |
    | Redshift | Database Grant/Revoke | Ranger - Table Level, Column Level | PolicySync |
    | Athena | IAM Policies | Ranger - Column Level | JDBC Proxy |
    | DynamoDB | IAM Policies | Ranger - Column Level | Data Access Server / Role Mapping |
    | Kinesis / Firehose | IAM Policies | Ranger - Stream Level | Data Access Server / Role Mapping |
    | Lambda | IAM Policies | Ranger - Function Level | Data Access Server |
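To make the gap between the "Current State" and "Privacera Solution" columns concrete, here is an added example (not Privacera or Apache Ranger code) of what a dynamic row-level filter and a dynamic column mask do to the rows a query returns. The two policy dictionaries use the field names of Ranger's policy JSON (`rowFilterPolicyItems`, `rowFilterInfo.filterExpr`, `dataMaskPolicyItems`, `dataMaskInfo.dataMaskType`), but the `finance.accounts` table, the `analysts` and `support` groups, the sample rows and the functions `parse_filter`, `row_matches`, `mask_value` and `apply_policies` are all constructed for this illustration. The evaluator is a deliberately small stand-in for the plugin's real enforcement: it understands only `AND`-joined comparisons and a few Ranger mask types, and it does not model the separate allow/deny access policy that decides whether the user may query the table at all.

```python
import hashlib
import operator
import re

# Constructed sample rows standing in for a finance.accounts table read
# through EMR Hive or Databricks (illustration only, not real data).
ROWS = [
    {"id": 1, "name": "Alice", "ssn": "123-45-6789", "region": "EU", "balance": 1200},
    {"id": 2, "name": "Bob", "ssn": "987-65-4321", "region": "US", "balance": 300},
    {"id": 3, "name": "Chandra", "ssn": "555-12-9876", "region": "EU", "balance": 5600},
]

# Constructed policies in the shape of Ranger's policy JSON; table and groups
# are assumptions. 'analysts' see only EU rows above 1000 and a partially
# masked SSN; 'support' see every row but a hashed SSN.
ROW_FILTER_POLICY = {
    "resources": {"database": {"values": ["finance"]}, "table": {"values": ["accounts"]}},
    "rowFilterPolicyItems": [
        {"groups": ["analysts"], "accesses": [{"type": "select", "isAllowed": True}],
         "rowFilterInfo": {"filterExpr": "region = 'EU' AND balance > 1000"}},
    ],
}
DATA_MASK_POLICY = {
    "resources": {"database": {"values": ["finance"]}, "table": {"values": ["accounts"]},
                  "column": {"values": ["ssn"]}},
    "dataMaskPolicyItems": [
        {"groups": ["analysts"], "accesses": [{"type": "select", "isAllowed": True}],
         "dataMaskInfo": {"dataMaskType": "MASK_SHOW_LAST_4"}},
        {"groups": ["support"], "accesses": [{"type": "select", "isAllowed": True}],
         "dataMaskInfo": {"dataMaskType": "MASK_HASH"}},
    ],
}

# Toy filter grammar: AND-joined "column op literal" terms and nothing else.
_TERM = re.compile(r"^\s*(\w+)\s*(=|<>|>=|<=|>|<)\s*('([^']*)'|-?\d+(?:\.\d+)?)\s*$")
_OPS = {"=": operator.eq, "<>": operator.ne, ">": operator.gt,
        "<": operator.lt, ">=": operator.ge, "<=": operator.le}


def parse_filter(expr):
    """Turn "region = 'EU' AND balance > 1000" into [(col, op, value), ...]."""
    terms = []
    for part in re.split(r"\s+AND\s+", expr, flags=re.IGNORECASE):
        m = _TERM.match(part)
        if not m:
            raise ValueError(f"unsupported filter term: {part!r}")
        col, op, raw, quoted = m.groups()
        terms.append((col, op, quoted if quoted is not None else float(raw)))
    return terms


def row_matches(row, terms):
    """A row survives the filter only if every term holds."""
    for col, op, value in terms:
        actual = float(row[col]) if isinstance(value, float) else row[col]
        if not _OPS[op](actual, value):
            return False
    return True


def _mask_chars(s):
    # Same convention as Ranger's mask(): upper -> X, lower -> x, digit -> n.
    return "".join("X" if c.isupper() else "x" if c.islower() else "n" if c.isdigit() else c
                   for c in s)


def mask_value(value, mask_type):
    """Apply one of the Ranger mask types this toy implements."""
    s = str(value)
    if mask_type == "MASK_NONE":
        return value
    if mask_type == "MASK_HASH":
        return hashlib.sha256(s.encode()).hexdigest()
    if mask_type == "MASK_SHOW_LAST_4":
        return _mask_chars(s[:-4]) + s[-4:]
    if mask_type == "MASK":
        return _mask_chars(s)
    raise ValueError(f"mask type not implemented in this example: {mask_type}")


def _item_for(items, user_groups):
    # First policy item whose groups overlap the user's groups wins.
    for item in items:
        if set(item.get("groups", [])) & set(user_groups):
            return item
    return None


def apply_policies(rows, user_groups, row_policy=ROW_FILTER_POLICY,
                   mask_policy=DATA_MASK_POLICY):
    """Rows the user's groups may see: row filter first, then column masks."""
    filt = _item_for(row_policy["rowFilterPolicyItems"], user_groups)
    terms = parse_filter(filt["rowFilterInfo"]["filterExpr"]) if filt else []
    mask = _item_for(mask_policy["dataMaskPolicyItems"], user_groups)
    masked_cols = mask_policy["resources"]["column"]["values"] if mask else []
    mask_type = mask["dataMaskInfo"]["dataMaskType"] if mask else "MASK_NONE"
    visible = []
    for row in rows:
        if terms and not row_matches(row, terms):
            continue  # row-level filter: the row never reaches the caller
        out = dict(row)
        for col in masked_cols:
            if col in out:
                out[col] = mask_value(out[col], mask_type)  # column-level mask
        visible.append(out)
    return visible
```

Calling `apply_policies(ROWS, ["analysts"])` returns only the two EU rows with the SSN reduced to `nnn-nn-6789` and `nnn-nn-9876`; `["support"]` gets all three rows with a SHA-256 digest in the `ssn` column; a group with no matching policy item gets the rows untouched. A bucket-level IAM policy can only decide whether the principal may read the whole object and cannot express either rule, which is why the table lists a Ranger plug-in, PolicySync or a data access server as the enforcement point rather than IAM.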

Architecture Overview#

Launch Pad#

To view the Launch Pad page, on the Privacera home page, click Launch Pad. The Launch Pad page displays the following options:

  1. AWS Console: Redirects you to the AWS Console without prompting for login credentials.

  2. AWS CLI: Access AWS resources through the AWS CLI using Privacera Cloud Access Manager.

  3. Privacera Token: A token is required to authenticate and access AWS resources.

  4. Databricks: Required for accessing your Databricks assets such as the UI, API, and command-line interface (CLI).

Last update: July 23, 2021