Chapter 8. Securing and Governing Data

For a typical Fortune 1,000 company, just a 10 percent increase in data accessibility will result in more than $65 million additional net income.

Richard Joyce, Forrester

In this book, we’ve already talked about the importance of data and how Amazon Redshift lets you access different types of structured or semistructured data, whether it has been loaded locally or queried from an external source. However, just as important as accessing and transforming data in a cost-performant way is doing so securely, ensuring that people can access only the data they should. Many organizations struggle with making all of their data accessible to their users. Balancing accessibility and security is both crucial and hard to achieve in a world where data is ever expanding and access to it is in such high demand.

In this chapter, we’ll discuss the different ways that a user can manage security within Amazon Redshift, including “Object-Level Access Controls” and “Database Roles”. We’ll explore use cases where user communities require fine-grained access controls and how these can be achieved through “Row-Level Security” and “Dynamic Data Masking”. Finally, we’ll discuss how Amazon Redshift manages security with “External Data Access Control”.

Object-Level Access Controls

Amazon Redshift is organized in a hierarchy of objects where each object is governed by a set of permissions. As discussed in
