Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

💧 Work through data-engineering-database-access repo for projects to Lake Formation Tags #4749

Open
4 tasks
Tracked by #2955
bagg3rs opened this issue Jul 23, 2024 · 2 comments
Open
4 tasks
Tracked by #2955

💧 Work through data-engineering-database-access repo for projects to Lake Formation Tags #4749

bagg3rs opened this issue Jul 23, 2024 · 2 comments
Assignees
@bagg3rs
Labels
💄 Visualisation MI/BI (Epic #2955)

Comments

@bagg3rs
Copy link
Contributor

bagg3rs commented Jul 23, 2024
edited
Loading

User Story

As a Analytical Platform team
I want to know how we currently manage database access
So that I can understand how these relate to maintaining access permissions for our users to query tables with Lake Formation

Value / Purpose

Database-access is the current method of granting access to databases with Athena. With the move to Lake Formation and the ability to use Tags we can improve how access is granted and speed up onboarding users to access the data they need without the need for pull requests

Useful Contacts

James, Julia, Michael, RichB, Data Engineering (Gwion, Soumaya)

Hypothesis

If we understand how we currently permission tables for 294 Projects
Then we can better spend our time developing AP-UI features that our users need

Proposal

"Dummy Migrate" a set of existing Projects over to use LF-Tags, this should be the target databases's we have for QuickSight MVP #4655

  • How projects are currently organised see repo
  • Identify key attributes used for access control (e.g. domain, department, data sensitivity... or project)

Map projects to tags

  • For each project, determine which tags could apply
  • Create a mapping document or spreadsheet there is an example here

Review current permissions

  • Analyse existing access controls
  • Note which project attributes determine access levels

Define tag-based policies

  • Create Lake Formation policies using the new tags
  • Ensure these policies mirror existing access controls

Validation and testing

  • Compare tag-based access to current permissions
  • Test to ensure equivalent access levels

PreReq'ish

Definition of Done

  • Projects have examined and permissions reviewed
  • Document the migration and create permissions mapping document
  • Give team overview and create any additional issues required
@bagg3rs bagg3rs added the story label Jul 23, 2024
@bagg3rs bagg3rs changed the title 💧 Work through a Migration of data-engineering-database-access projects to Lake Formation Tags 💧 Work through data-engineering-database-access repo for projects to Lake Formation Tags Jul 23, 2024
This was referenced Jul 26, 2024
Open
Closed
@YvanMOJdigital
Copy link

@bagg3rs need more info

@YvanMOJdigital
Copy link

Work with catalog team tags stuff

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bagg3rs bagg3rs

Labels
💄 Visualisation MI/BI (Epic #2955)
Projects
Analytical Platform
Status: 👀 TODO
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bagg3rs @YvanMOJdigital @julialawrence @darren1988