Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data access monitoring #171

Open
ravisuhag opened this issue Jun 5, 2022 · 2 comments
Open

Data access monitoring #171

ravisuhag opened this issue Jun 5, 2022 · 2 comments
Labels
roadmap

Comments

@ravisuhag
Copy link
Member

Guardian can manage access across multiple providers. But it is still hard for data governance managers to monitor the different aspects of data access.

Goal:
With data access monitoring in Guardian, we aim to provide answers to the following questions.

  • How many users have access to sensitive data?
  • How many appeals are pending?
  • How many appeals are about to expire?
  • What kind of data authorized users are accessing?
  • When was a resource accessed, by whom, and for what purpose?
  • Answers to these questions are very important to be proactive in managing security and compliance.

Scope:
Access monitoring can be tracked across different sections

  • Appeals: Analytics about appeals and their status.
  • Access Logs: Analytics about what resources are being actually queried and how frequently.
  • Users: Analytics about how many users are active, and have access across resources.
  • Resources: Analytics about how many resources are available and of what type.
@ravisuhag
Copy link
Member Author

One way to identify the sensitivity of data could be with labels on datasets.

Few more questions, that insights can provide answers to:

  1. How many times a resource is accessed
  2. How many times sensitive BigQuery tables are getting accessed
  3. Identify what operations are done on a resource
  4. Identify users with excess access rights
  5. Alert for bulk download or high-risk flagging for an event
  6. Breach Prediction index - a type of risk modeling as per best practices

@mabdh mabdh mentioned this issue Aug 23, 2022
Closed
@mabdh
Copy link
Member

mabdh commented Aug 23, 2022
edited
Loading

Usage history (access logs) data collection will be discussed in detail in #265

@ravisuhag ravisuhag mentioned this issue Aug 26, 2022
Merged
10 tasks
lifosmin referenced this issue in lifosmin/guardian Aug 31, 2023
@rahmatrhd @ravisuhag
feat(guardian): new access entity (goto#171)
877aa9d 
* feat(guardian): introduce access list and get api

* chore: update plural name for access

* chore: add access field in appeal

* chore: add role field in access

* feat: add access revoke api

* feat: add bulk revoke access api

* chore: deprecate RevokeAppeal and RevokeAppeals rpcs

* chore: change revoke accesses API method to PUT

* feat: add list user accesses API and add more params

* chore: remove created_at param from ListUserAccessesRequest

* chore: add created_by field

* add: add order_by param in list access

* change: rename Access to Grant

* chore:  fix format issues

Co-authored-by: Ravi Suhag <suhag.ravi@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
roadmap
Projects
Roadmap
Status: 2024
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ravisuhag @mabdh