
Features & Responsibilities Matrix

Define roles and access levels for various features.

All security features that are available on e6data are listed below, along with the responsibility for configuring and managing each.

Network Access Controls

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Deploy into an EKS Cluster that you manage and secure. By default, no ingress is allowed to the data plane. | AWS | Deployed by the user, using Terraform & Helm templates provided by e6data. |
| Authenticated access from users or clients to the e6data control plane UI and APIs | AWS | Credentials to access UI & Personal Access Tokens for APIs to be generated by users. |
| Private access (or private link) from the data plane to the e6data control plane | AWS | Deployed by the user, using Terraform & Helm templates provided by e6data. |
| IP access lists to control access to e6data control plane UI and APIs over the internet | AWS | Only Kubernetes management access between the e6data control plane and data plane. Any other access should be provided by users. |
| Ingress for 3rd party querying tools to access the engine. | AWS | The user should enable Kubernetes Ingress for external connectors. |

User and Group Management

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Use the cloud service provider identity management for seamless integration with cloud resources | AWS | e6data |
| Single Sign-On with identity provider integration (you can enable MFA via the identity provider) | AWS | Can be configured in the e6data console. |
| Service principals or service accounts to manage application identities for automation | AWS | e6data |
| User account locking to temporarily disable a user’s access to e6data | AWS | e6data |
| Role-based access controls to provide least required privileges for users/groups. | AWS | Configured by user. |

Access Management

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Fine-grained permission-based access control to all e6data objects including workspaces, catalog, clusters and queries | AWS | Users should configure access for their team members. |
| Secure API access with personal access tokens with permission management | AWS | e6data provides unique tokens in the Console for secure access. |
| Segment users, workloads and data with different security profiles in multiple workspaces | AWS | Use separate workspaces where possible to segment users who need access to different data sources. |

Data Security

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Encryption of control plane data at rest | AWS | e6data (enabled by default) |
| Encryption in transit of all communications between the e6data control plane and customer data plane | AWS | e6data (enabled by default) |

Workload Security

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Manage code versions effectively with repos | AWS | e6data |
| Built-in secret management to avoid hardcoding credentials in code | AWS | e6data |
| Managed data plane Docker image regularly updated with patches, security scans and basic hardening | AWS | e6data |
| Contain costs, enforce security and validation needs with cluster policies | AWS | e6data |
| Immutable short-lived infrastructure to avoid configuration drift | AWS | e6data |
| Enhanced hardening with security monitoring and vulnerability reports of managed data plane images | AWS | e6data |

Auditing & Logging

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Comprehensive and configurable audit logging of activities of e6data users | AWS | Logged by e6data. Can be consumed by users through Console or API. |
| Logging of run queries | AWS | Logged by e6data. Can be consumed by users through Console or API. |
| e6data infrastructure logging | AWS | Logged by e6data. Can be consumed by users through Console or API. |

Security Certifications

| Certification | Cloud |
| --- | --- |
| ISO 27001 | AWS |
| ISO 27017 | AWS |
| ISO 27018 | AWS |
| ISO 27701 | AWS |
| SOC 2 Type 1 | AWS |


Last updated 1 month ago