Cloud Pak for Data

 View Only

Security Architecture

  • 1.  Security Architecture

    Posted 7 days ago
      |   view attached


    I have trouble understanding the security concept here

    We have the data source, a user can access a data by using a platform connection or connecting directly by creating his own connection trough WS

    or he can populate an asset from a catalogue

    or use data virtualization

    so multiple ways to access

    1. if the user have credentials to the data source and we assume that he can use these credentials in cp4d , so we assume that the security have to be made in the data source itself and CP4D is not a tool for securing data , because the moment a user is using a credential to add a connection asset and a connected data in his WS, he bypass anything that have been done (DV, Catalogue, Governance etc...)
    2. supposing that the user do not have a credentials and customer is relying on CP4D architecture
      1. If you are going to use Catalog to go shop for data assets , if the asset is not yours (obviously, since we are supposing that you cant create a connection), so if you add a connected asset to your WS, you will required to enter a credential to see the data (I also assume that the connection created to import the asset do not use a shared credentials, see point 1), so you will need a user with higher clearance behind you back to enter his credentials in your WS
      2. Same goes for Data virtualization, either in direct access or via Catalogs


    So my question is, what is the "normal" way to use data and populate data across different users with different clearance , using different sources, without risking to mix things up


    Mhamed Ben Jmaa