Amazon DataZone: Govern Data Access

Overview

Help ensure that the right data is accessed by the right user for the right purpose—in accordance with your organization's security policies—without relying on individual credentials. Provide transparency on the usage of assets and approve data subscriptions with a governed workflow. Monitor data assets across domains and projects through usage auditing capabilities.

Key features

Domains are scalable building blocks that help you securely organize resources aligned to business teams or lines of business (LOBs). Domains provide the flexibility to reflect your organization's structure. Within these managed domains, you can create business-specific taxonomies that use metadata forms and business glossaries. This way, you can publish an asset in the catalog with a particular domain. The domain then governs the data and controls access with associated resources.
Publishing and subscribing workflows help you create a decentralized data ownership and federated governance model for data sharing and consumption. Data producers publish, own, and govern their data assets by configuring subscription rules for consumers. Data consumers then access the data that they are interested in after completing the approval workflow with data owners.

Automatically fulfill subscriptions to the underlying dataset and manage permissions for AWS Lake Formation managed AWS Glue tables and Amazon Redshift tables and views. For all other assets, Amazon DataZone emits standard events related to user actions, such as subscription requests or approvals. You can use these standard events to integrate with other AWS services or third-party solutions for custom integrations.

Use cases

Amazon DataZone abstracts the process of sharing data between producer and consumer. The domain facilitates access control for downstream consumers through a subscription approval process, which supports consumers from any account and supported AWS Region.

You can create business use case–based groupings of teams, tools, and data. Analytics users collaborate seamlessly by accessing data and analytics tools in a self-service fashion. Administrators can manage access to data for all your users from a single place. With Amazon DataZone, you can grant access to users and systems in accordance with your organization's policies.

With domains, you can more securely organize resources aligned to business-driven domains such as LOBs. A domain is a collection of Amazon DataZone objects, such as data assets, projects, associated AWS accounts, and data sources. Domains are a scalable container for you, your team, and related Amazon DataZone entities—including analytics tools such as Amazon Athena and Amazon Redshift Query Editor. You can publish a data asset in the catalog with a particular domain that governs the data. You can then control which associated AWS accounts and resources can access that domain. Domains provide a mechanism to instill organizational discipline for teams that are producing and cataloging the data in the business data catalog. You can publish a data asset in the catalog to a particular domain, which helps you govern the data and control access for data consumers. A domain can have multiple business use case–driven projects in which people collaborate.

FAQs

How does Amazon DataZone support and integrate with other AWS services?

Amazon DataZone supports three types of integrations with other AWS services. For details, see Amazon DataZone: Integrations.

How does Amazon DataZone help me, from a variety of business verticals, model my business data catalog in Amazon DataZone?

Amazon DataZone offers generic catalog constructs—such as domains, business glossaries, and metadata forms—which you can use to define your business vertical. The customizable metadata forms help you define the structure of metadata that is important for your business and standardize it across subsets of data assets. Additionally, you can configure which metadata is searchable for faster discovery. These customization capabilities make the business data catalog a generic catalog that you can customize to reflect your own business.