Join our Community Kickstart Hackathon to win a MacBook and other great prizes

Sign up on Discord
hello
Access control enables the production of higher quality data, company-wide access to the data, and transparency into everyone’s data use.

Access control is the process of limiting who can read and write in your data warehouse. It can be as simple as only giving business users permission to view data rather than write it or as complex as masking the values in certain data columns.

Access control overview

Access control is also closely related to data democratization, the practice of making data accessible to all employees and stakeholders. Governance and security measures such as access control allow the data team to feel safe and secure in the quality of their data while having the power to let other (selected) teams see what is available to use. By controlling who can read and write queries in the data warehouse and keeping stakeholders who may not have data warehousing experience at bay, the risk of compromising your data’s integrity is minimized.

Benefits of access control — why should you implement it?

Access control enables the production of higher quality data, company-wide access to the data, and transparency into everyone’s data use.

High-quality data

Access control helps you maintain high-quality data, especially in a company that aims to democratize its data. By controlling who can produce or update your data, you minimize the risk of an important table being overwritten or data being deleted altogether. This ensures your data can be trusted at all times to help make decisions without the data team needing to step in to validate it.

Turning transparency into actions

When you implement access control, you typically assign each person their own data warehouse user. This allows you to see who is touching your data and how they are using it. By assigning users custom permissions, you are controlling what they can and cannot do. If something goes wrong, you can trace the actions backward to see who did what and if they should have been given that permission in the first place.

More accessibility for business users

Lastly, by allowing data democratization, business users have the access they need to pull the data they want when they need it. This means data teams no longer have to spend additional time on ad hoc requests. Fewer meetings and messages are required because business users now have access to a self-service data environment. Not to mention that your data team’s time will be freed up to focus on the most important initiatives, like producing high-quality data models.

Access control best practices

While access control greatly depends on the user’s familiarity with a data environment and their technical skills, there are general practices that can be applied when moving toward data democratization.

Limit business user access to read-only

In general, business users should only have read access to your data warehouse. There are exceptions, of course. Perhaps a particular business user has a lot of SQL experience or needs to create a custom report. However, I generally recommend giving them the minimum access they need to see the data that’s available to them.

You don’t want to get into a habit of giving everyone in your company the ability to create different schemas or tables. This will help keep your data environment clean and still give the data team full control over what makes it into the data warehouse. Starting each user out with the least amount of permissions will ensure you are only giving those with special use cases greater control.

Only provide business users access to clean and standardized data

Data warehouses typically contain both raw and transformed data. Raw data is typically only used by an analytics or data engineer in order to create standardized datasets to use in data models and analytics reporting. They are the only ones who should be able to see this raw data.

It is likely that nobody will understand the data warehouse architecture as well as the data team. This means business users may be looking in the wrong schema or table when trying to find a piece of data. If you were to give them access to the raw data, they may very well use something that isn’t in a proper state to be used. Data is standardized for a reason. Increase business users’ chances of success by only making what they should be using available to them.

Create users/roles specific to external tools

I’m a firm believer that people as well as tools should have their own data warehouse user. As I mentioned earlier, assigning each person on your team their own user allows you to control their specific permissions. You can also see the different actions they are taking on the data. This helps to maintain high-quality data, ensuring everyone only does what they are allowed to.

Like people, tools can accidentally write data they aren’t supposed to. This is why it is essential that you assign them their own user with very specific permissions. When you control the permissions of external tools, you can give them the minimum access needed to do their job. Minimal access prevents tools from doing something they were never supposed to.

Don’t give an external tool account admin access to your data warehouse. Take the extra time to create a custom user and assign it a custom role depending on the permissions it needs to serve its purpose.

Implementing access control

Data democratization has many benefits thanks to access control and your ability to customize what a user can and cannot do in your data warehouse. However, if access control is not implemented well, data democratization also has the potential to compromise your data quality. The wrong user having too much access and using unvalidated data can lead to data being overwritten or deleted. A team that’s able to see raw data may mistake it for the data they should be looking at to calculate key metrics.

It’s important that you thoroughly document and think through who should have access to what and the specific types of permissions they need before assigning them access. I recommend using a data platform like Y42 that offers native access control capabilities. When done right, data democratization can change how your business operates, allowing it to make more strategic decisions at a faster pace and freeing up time for core data initiatives.

Category

Data Insights

In this article

Share this article

More articles