Universal data access control
Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.Documentation
Built for security
Guardian is the data access and control solution, enabling data teams to accelerate data delivery, reduce risk, and safely unlock more data.
Hybrid access control
Guardian uses a hybrid approach of role-based and data-centric access control centered around the type of resource being accessed. It also provides time-limited access to ensuring security and compliance.
Compliant workflows
Guardian decouples access controls from data stores to allow for better integration without disrupting your existing data workflow. It also provides custom workflows to make compliance easy for any framework, from GDPR to HITRUST.
Auditing
Automatically produce and maintain complete, interpretable records of data access activities to track every operation. It allows auditors to track requests and access to data, policy changes, how information is being used, and more.
Management
Guardian comes with CLI and APIs which allows you to interact with access workflows effectively. You can manage resources, providers, appeals, and policies and more.
Proven
Guardian is battle tested at large scale across multiple companies. Largest deployment manages access for thousands of resources across different providers.
Analytics
Guardian provides continuous and real-time visibility by analyzing access usage by users, groups, and more. It generates reports about instances of data access and related operations.
Key Features
Guardian is a data access management tool. It manages resources from various data providers along with the users’ access. Users required to raise an appeal in order to gain access to a particular resource. The appeal will go through several approvals before it is getting approved and granted the access to the user.
Appeal-based access
Users are expected to create an appeal for accessing data from registered providers. The appeal will get reviewed by the configured approvers before it gives the access to the user.
Configurable approval flow
Approval flow configures what are needed for an appeal to get approved and who are eligible to approve/reject. It can be configured and linked to a provider so that every appeal created to their resources will follow the procedure in order to get approved.
External Identity Manager
Guardian gives the flexibility to use any third-party identity manager for user properties.
Ecosystem
Guardian's extensible system allows new providers to be easily added. Mmultiple providers are supported, including: Metabase, BigQuery, Tableau and more.
Providers
Support various providers like Big Query, Metabase, Tableau, and multiple instances for each provider type.
Resources
Resources from a provider are managed in Guardian's database. There is also an API to update resource's metadata to add additional information.
Appeals
Appeal is created by a user with specifying which resource they want to access along with some other appeal options.
