Data Access Management

The Data Access Management sub-module controls all Access Management operations at the platform level.

Crawl

An instance-level Data Access Admin can crawl users, roles, policies, and the associated permissions across buckets and folders on all Amazon S3 connectors hosted within the same instance.

Bucket/Folders: Provides checkbox options to select buckets and folders for crawling.

Schedule: In addition to manual crawls, the instance-level Data Access Admin can schedule crawls at defined intervals. This enables periodic sync with the source system and supports consistent access governance.

Grouping of connectors by instance

The created connectors are grouped in the Data Access module according to the associated server instance, shown in a hierarchical tree view on the left side of the page. The tabs displayed for each instance level vary depending on the type of connector.

For Amazon S3, the connectors tab lists all connectors hosted under this instance. Connectors are visible in addition to the Instance Details.

Instance Details

The Instance Detail screen displays five tabs:

Instance Summary Tab

The Instance Summary tab serves as the landing page for Amazon S3 connectors at the instance level. It displays all the connection parameters configured during connector setup. Parameters such as Select Bridge, Credential Manager, Authentication, Access Key, Secret Key, Region, and Identity Provider can be modified if required. Parameters such as Account ID are not editable.

Instance Data Access Admins

The Instance Data Access Admins section displays a list of all Instance Data Access Administrators associated with the different connectors in the instance.

To add or modify Instance Data Access Admins:

  • In the Instance Data Access Admins section, click the pencil icon.

  • Select one or more roles from the list.

  • Click Save to apply changes.

Role Settings Tab

Allows configuration of Amazon S3 Roles:

  • S3 Roles hidden in Access Cart

  • S3 Roles to be included while crawling

  • S3 Roles to be excluded while crawling

To add or edit Role Settings:

  • In the Role Settings tab, click the pencil icon.

  • Enter S3 Roles to be hidden in Access Cart

  • Enter S3 Roles to be included while crawling

  • Enter S3 Roles to be excluded while crawling

  • Multiple roles can be added to the provided fields.

  • Click Save to apply the changes.

User Settings Tab

Allows configuration of Amazon S3 Users:

  • S3 Users hidden in Access Cart

To add or edit User Settings:

  • In the User Settings tab, click the pencil icon.

  • Enter S3 Users to be hidden in Access Cart

  • Multiple users can be added to the provided field.

  • Click Save to apply the changes.

Notification Tab

Click the pencil icon to configure recipients for each activity notification:

  • Use the toggle buttons to enable or disable the following notifications:

    • Changes to Roles, Users identified during crawl

    • Configure notifications for Data Access Admin

  • Select specific application users, teams, or roles as recipients of notifications.

  • Notifications will be sent to the selected recipients based on the configured settings.

  • Click Save to apply the changes.

Connectors Tab

The Connectors tab displays a list of all configured Amazon S3 connectors associated with an instance.

Attributes:

  • Connector ID: Shows the unique identifier for the connector.

  • Connection Name: Shows the configured name of the Amazon S3 connection.

  • Last Crawled Date: Captures the most recent date and time of metadata crawl.

The system displays a hierarchical tree where all connectors appear under the instance. Click the connector name to open the connector-level screen.

Roles Tab

The Roles tab displays all roles from Amazon S3 after the metadata crawl. This tab allows data administrators to review role definitions, policy mappings, and access hierarchies as captured from the source system.

Attributes:

  • S3 Role: Displays the name of the role as defined in Amazon S3.

  • Description: Shows the description associated with the role.

  • Policies: Lists the policies assigned to the role.

  • Application Created Date: Shows the date and time the role was crawled into the application.

  • Application Role: Indicates whether a role with the same name already exists in the application.

Users Tab

The Users tab lists all users detected in Amazon S3 during the metadata crawl. This tab enables data administrators to review user identities, role associations, and relevant access configurations retrieved from the source system.

Attributes:

  • User ID: Displays the user ID as defined in Amazon S3.

  • Roles: Displays the roles assigned to the user in Amazon S3.

  • Application Created Date: Shows the date and time the user was crawled into the application.

  • Application User: Indicates whether a user with the same name exists in the application.

Policies Tab

Displays all policies associated with roles or users in Amazon S3.

Attributes:

  • Policy: Displays the policy name.

  • Policy Type: Indicates the type of the policy.

  • Policy JSON: Displays the raw policy definition.

  • Source: Shows the connector from which the policy was crawled.

  • Roles/Users: Lists roles or users linked to the policy.

  • Remote Created Date: Shows when the policy was created in the source system.

Connector Level

The following tabs are displayed for each connector level. Navigate to a connector under each server instance in the left-side hierarchical Data Access Management grouping.

Connector Details

Its sub-tabs are listed below:

Summary Tab

The Connector Data Access Admins (DAA) can manage various settings for a connector on the Connector Summary page and define the Connector Data Access Administrator roles on this connector.

Permission Controls Available under Access Management:

  • Click the pencil icon to enable the checkbox, select the appropriate permissions, and click Save to apply the changes.

Enable Access Management & Sync S3 Permissions to Application Permissions:

This setting enables or disables the synchronization and management of S3 data object permissions for users, roles, and policies. When enabled, it aligns S3-level access (buckets and folders) with the application’s internal permission model, ensuring consistent access governance across both systems.

Enable Access Cart:

Grants access to the "Access Cart" feature, enabling users to request access to specific buckets, folders, or files through a centralized workflow.

Connector Data Access Admins

Displays the list of Data Access Admins at the connector level.

  • Click the pencil icon next to the connector to open the admin configuration.

  • Choose one or more roles from the list to assign as Data Access Admins.

  • Click Save to confirm and apply the changes.

Permissions Tab

The Permissions tab displays the mapping of Amazon S3 permissions across buckets, folders, and files to corresponding application-specific permissions. This mapping provides a unified view of access control.

For example, a SELECT permission on an S3 table corresponds to Meta Read and Data Read permissions within the application. This ensures that source-level access aligns with the application’s internal permission model for consistent governance.

Notification Tab

The Notification tab allows configuration of alerts related to user, role, and permission changes detected during metadata crawling or performed within the application. This ensures that Data Access Admins and other designated stakeholders stay informed about critical access updates.

  • Click the pencil icon to configure notification settings for each activity. Use the toggle buttons to enable or disable the following notifications:

    • Changes to Bucket/Folder permissions identified during crawl

    • Changes to Bucket/Folder permissions through Access Cart

    • Configure notifications for Data Access Admins

  • Select individual application users, teams, or roles to receive notifications. Notifications will be delivered based on the selected recipients and saved settings.

  • Click Save to apply the notification configurations.

Buckets/Folders Tab

The Buckets/Folders tab provides a consolidated view of Amazon S3 roles/users associated with each configured bucket or folder. It allows administrators to monitor and analyze access at the Buckets/Folders level.

Attributes:

  • Buckets/Folders: Displays the name of the S3 Buckets/Folders.

  • Type: Indicates the types of Buckets/Folders.

  • Roles/users: Lists the roles and users that have access to the Buckets/Folders.

  • Permissions: Displays the specific privileges assigned to each role.
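The Policies tab exposes the raw Policy JSON per role, and the Buckets/Folders tab shows which roles hold which permissions on each bucket or folder. The following added example (not OvalEdge code) shows how such a view can be derived from standard IAM policy JSON for an independent review, including a role exclusion list like the one in Role Settings. The function names, role names, and sample policies are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample input: role name -> attached policy documents (IAM policy JSON).
SAMPLE_ROLE_POLICIES = {
    "analyst-role": ['{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                     '"Action": ["s3:GetObject", "s3:ListBucket"], "Resource": '
                     '["arn:aws:s3:::sales-data", "arn:aws:s3:::sales-data/reports/*"]}]}'],
    "etl-role": ['{"Version": "2012-10-17", "Statement": {"Effect": "Allow", '
                 '"Action": "s3:*", "Resource": "arn:aws:s3:::*"}}'],
    "svc-internal": ['{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                     '"Action": "s3:PutObject", "Resource": "arn:aws:s3:::sales-data/*"}]}'],
}

def as_list(value):
    # IAM accepts a single string/object wherever a list is also valid.
    return value if isinstance(value, list) else [value]

def split_resource(arn):
    """'arn:aws:s3:::bucket/folder/*' -> ('bucket', 'folder/*'); a bare '*' stays '*'."""
    path = arn.split(":::", 1)[1] if ":::" in arn else arn
    bucket, _, key = path.partition("/")
    return bucket, key

def access_view(role_policies, excluded_roles=()):
    """Return ({bucket_or_folder: {role: set(actions)}}, wildcard grants to review)."""
    # Inventory only: Allow statements with Action/Resource are listed; Deny,
    # NotAction, NotResource and Condition are not evaluated.
    view = defaultdict(lambda: defaultdict(set))
    wildcard = set()
    for role, documents in role_policies.items():
        if role in excluded_roles:  # mirrors "roles to be excluded while crawling"
            continue
        for document in documents:
            for stmt in as_list(json.loads(document).get("Statement", [])):
                if stmt.get("Effect") != "Allow":
                    continue
                actions = as_list(stmt.get("Action", []))
                for arn in as_list(stmt.get("Resource", [])):
                    bucket, key = split_resource(arn)
                    target = f"{bucket}/{key}" if key else bucket
                    view[target][role].update(actions)
                    if "*" in bucket or any(a in ("*", "s3:*") for a in actions):
                        wildcard.add((role, target))
    return {t: dict(r) for t, r in view.items()}, sorted(wildcard)

if __name__ == "__main__":
    print(access_view(SAMPLE_ROLE_POLICIES, excluded_roles={"svc-internal"}))
```

Comparing this output with the Buckets/Folders tab after a crawl is a quick way to spot roles that were excluded from crawling but still hold write access, and wildcard grants that deserve a closer look.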


Copyright © 2025, OvalEdge LLC, Peachtree Corners GA USA
