Get Started With Your Okera Test Drive¶
This Okera test drive guide provides an easy step-through tutorial to teach you the key concepts of Okera to help you get started using your free test drive. To sign up for a test drive, fill out the request form at https://www.okera.com/self-serve-trial/.
Note: The Okera test drive may also be referred to as the Okera self-service trial.
What is Okera Data Access Platform?¶
Okera Data Access Platform (ODAP) is an enterprise universal data authorization tool that integrates with the main analytics tools in your organization. It allows you to register data from different data sources, easily organize and tag that data, and then grant access to the data using permissions while also specifying fine-grained conditions that enforce column-level security, row-level security, and data masking and transformation. It then dynamically enforces Okera permissions at runtime.
Learn more about ODAP in Product Overview.
What's Included in the Okera Test Drive?¶
Your Okera test drive begins with an email describing the self-service test drive and its cluster. The test drive includes:
- Sample data and users you can use to test policy management and policy effects.
- Embedded prebuilt dashboards and notebooks in Apache Superset, JupyterHub, and Snowflake that you can use to query data and see the effect of policies on the different users.
Test Drive Environment Scenario¶
In this self-serve test drive environment, your organization is expanding their sales department to include sales directors and sales analysts for each territory in which your company operates. Your test drive environment must support the following data restrictions to support the expansion:
- Each sales director should only see data pertaining to the individual territories that they manage. So, all individuals assigned the
sales_director_roleshould only see data for the territories that they manage. - Sales analysts should only see data that is geographically relevant to them, so we will ensure that individuals assigned the
sales_analyst_roleonly see data pertaining to the countries in which they operate. - Sales analysts currently have access to all sales data, however, data that is classified as sensitive should be masked for the
sales_analyst_role. - Individuals in your organization assigned the
sales_analyst_roleshould not be able to see personally identifying information (PII) in the customer data. During this test drive, we will make sure that all PII data is identified and protected.
Test Drive Environment Users¶
Your test drive environment has the following users. Their passwords have been sent to you as part of your introductory kit. When you receive your test drive, <tenant> will be replaced with your company name. In images and videos in this test drive documentation, <tenant> is replaced with your_company.
User |
Is a member of groups |
Assigned to these Okera roles |
|---|---|---|
admin_<tenant> |
adminadmin_<tenant> |
admin_roleokera_public_role |
analyst_<tenant> |
analyst_<tenant>general_analyst_group |
card_analyst_rolemarketing_analyst_roleokera_public_rolesales_analyst_role |
sally_<tenant> |
sales_analyst_groupsally_<tenant> |
marketing_analyst_roleokera_public_rolesales_analyst_role |
sam_<tenant> |
sales_analyst_groupsam_<tenant> |
marketing_analyst_roleokera_public_rolesales_analyst_role |
mary_<tenant> |
marketing_analyst_groupmary_tenant |
marketing_analyst_roleokera_public_role |
danny_<tenant> |
danny_<tenant>director_group |
okera_public_rolesales_director_role |
Note: In addition to these predefined users, two demo users (
demo_user_<tenant>anddemo_user2_<tenant>) are provided for you to customize. Use these user definitions to test and optimize the environment as needed.
Okera uses both role-based access control (RBAC) and attribute-based access control (ABAC) in a complementary way to ensure access management is the most scalable for the enterprise.
Okera uses roles to make grouping permissions for users easier and more scalable. Roles can then be granted to users or groups that are integrated from your organization's identity management system. They can be customized to each organization's naming convention and can be managed programmatically as well as in the UI.
Start Exploring Okera¶
Use the following links to explore Okera using this test drive: