Data Access Management

Okera’s platform-agnostic policy manager centralizes, standardizes, and simplifies data access governance.

Complexity is the Enemy of Security

Okera policies are efficient, powerful, and simple to understand.

A single Okera policy can replace tens — if not hundreds — of traditional role based permissions. And a single policy can protect multiple data platforms!

Dynamic filtering, masking, and tokenization deliver powerful de-identification features with a few mouse clicks.

Non-technical stakeholders on the compliance and risk teams can validate that data security and privacy policies are implemented as intended.

Collaborate and Manage Platform-Agnostic Data Policies

Okera abstracts policies into language that non-technical data stakeholders can understand. As a result, it’s easier for everyone to collaborate and agree on policies.

This means policies — and the data they protect — can be deployed to users faster and with greater confidence.

De-Identify Sensitive Data the Easy Way

Corporate data lakes, lakehouses, and data clouds are teeming with confidential, personally identifiable, and other regulated information. You must and can manage access to sensitive data responsibly.

Okera can dynamically hide or modify data so only employees with a legitimate business reason can see sensitive data in-the-clear.

For example, Okera can dynamically transform queries so the results are filtered, masked, tokenized, trimmed, hashed, encrypted, bucketed, or otherwise anonymized.

Reduce Data Management Costs with Fine-Grained Access Control (FGAC)

FGAC allows you to retire storage-heavy and compute-intensive data security pipelines.

Coarse-grained access, such as you would get with IAM roles, only authorize access to files. Copying data into a variety of files and securing them with IAM roles get complicated very quickly and does not scale.

With FGAC, you maintain one authoritative data set, and dynamically authorize user access to tables, rows, columns, and cells with each query. It’s simple, efficient, and cost-effective.

Scale Data Security with Attribute-Based Access Control (ABAC)

ABAC references data attributes such as whether a column is classified as sensitive, PII, and so on.

ABAC is efficient and scalable because you create policies that apply to data abstractions.


  • ABAC policy:
    mask data classified PII:creditcard, PII:email
  • Resource policy:
    mask mydb.mytable.ccn, mask, mask

ABAC is less prone to errors and more cost-effective to scale than hard-coded, resource-level policies.

Enhance Your Security Posture with Minimal Effort: Row-Level Security

Okera’s dynamic row-level security can reduce policy complexity by an order of magnitude — and dramatically improve your security posture!

Row-level security dynamically restricts access to rows (or records) within a file or table. Okera’s approach to row-level security is exceptionally powerful and effective because our policies use both data attributes (tags) and user attributes.

Separate the Policy from the Platform for Economy of Scale

Avoid technology silos! Okera policies are written without knowing anything about the data platforms they protect. They are platform-agnostic, which ensures consistency.

To protect data, simply register it in the Okera catalog, then register the data set with a policy.

With Okera, data from different platforms can be protected by the same policy.

As you onboard new data sets, simply register it with an existing policy. Because existing policies can protect new data, Okera makes it much easier to scale up data access governance.

Now that we have this modern data platform secured with Okera, we deliver new data products and applications very quickly.

Data Engineer, E-Commerce Automation Company

Learn about our policy enforcement capabilities.

Okera has built multiple data enforcement patterns, transparent to the user, and optimized to provide consistency within cloud data warehouses, data lakes, and lakehouse platforms.