Skip to content

Getting Started with your Okera trial

Info

This document describes how to get started with your free trial of Okera.

To sign up for a trial please fill out the request form here.

Intro

Welcome to the Okera trial guide. We’ve created an easy step through tutorial for you to learn about the key concepts of Okera.

TL;DR What is Okera?

Okera is an enterprise universal data authorization tool that allows you to register data across all your different data sources, easily organize and tag that data, and then grant access to the data via permissions whilst specifying fine-grained policy conditions enabling you to do column-level security, row-level security and masking conditions. Okera integrates with the main analytics tools in your organization and then dynamically enforces these policies at run-time at the scale of big data.

Learn more about Okera in our Product Overview section.

Tutorial Context

In this Self-serve trial environment, your organization is expanding their sales department to include sales directors for each territory that your company operates in. Each of these sales directors should only view data pertaining to the invidiual territories that they manage. Additionally, sales analysts currently have access to sales data, however, data that is classified as sensitive is masked for the sales_analyst_role. Like with the sales directors, sales analysts should only see data that is geographically relevant to them so we want to ensure people with the sales_analyst_role only see data pertaining to the countries they operate in. Individuals in your organization with the sales_analyst_role also currently have un-restricted access to certain customer data that is personally identifying information (PII) so during this tutorial we will make sure all PII data is indentified and protected.

Your trial environment users

Your trial environment has these users. The password has been sent to you as part of your intro kit.

User Is a member of groups That belong to these roles (but you can add them to others)
admin admin admin_role
analyst general_analyst_group analyst_role
sally sales_analyst_group general_analyst_group sales_analyst_role
sam sales_analyst_group general_analyst_group sales_analyst_role
mary marketing_analyst_group general_analyst_group marketing_analyst_role
danny director_group sales_director_role

Note

In addition to the predefined users shown in the chart above, there are two demo users (demo_user and demo_user2) that are provided for you to customize users to better optimize for you and your organization's unique use cases.

Okera Permission Model Diagram

Okera leverages both role-based access control (RBAC) and attribute-based access control (ABAC) in a complementary way to ensure policy management is the most scalable for the enterprise.

Okera uses roles to make grouping permissions for users easier and more scalable. These roles can then be granted to users or groups that are integrated from your organization's identity management system. Roles can be customized to each organization's naming convention and can be managed programmatically as well as in the UI.

I’m ready to start the tutorial

A few things to note before you get started:

  • We’ve provided some sample data and users to try policies out.
  • We’ve also embedded some pre-built dashboards and notebooks in Apache Superset and JupyterHub for you to query data and see the effect of policies as these different users.

Start exploring Okera

Explore the catalog

Granting permissions

Registering new data