Daturic - An Example Scenario
Regina works at Finvio, an organization that collects personally identifiable information, financial and credit data to be able to provide clients with detailed financial risk reports of their customers or potential customers. Regina had started at Finvio as a system administrator but has recently been promoted to data lake administrator.
Finvio had started to explore using data lakes over the last year, but without an organizational strategy in place, data lake usage had evolved into different departments spinning up their own data lake instances. Finvio began to struggle with these silos limiting the analytical insights that could be used to enhance their solution. Additionally, departments were wary of combining data lakes, as managing permissions had quickly become, well, unmanageable. Each department had approached permissions using groups, but the implementation and naming conventions were unique to each department.
Finvio is looking to Regina to unify the security posture across the organization’s data lakes while consolidating them, allowing Finvio to secure sensitive data properly while allowing the business to extract the most value out of the data lake.
Regina’s task list for her new role as data lake administrator is as follows:
|1|Consolidate data lakes|
|2|Unify permission model and naming conventions|
|3|Audit user activities|
|4|Increase efficiencies around time to value|
Regina knows this is going to be difficult, having had previous experience as a system admin working with organizational data, albeit at a smaller scale. Looking into some options, Regina finds that most solutions only allow for a “big bang” approach: move everything over to one data lake with a major cutoff. While Finvio is looking to consolidate its data lake at this point, it would like the option to unify security across multiple data lakes should the need arise (e.g. international expansion, regulations). Finvio would also like the transition to be more gradual so as not to disrupt business momentum across the company.
Daturic to the Rescue
Regina wants to get the data lake strategy and implementation correct for Finvio and comes across Daturic in her research. Daturic seems to meet Finvio’s goals of deploying and maintaining a secure data lake on cloud infrastructure within their control while also supporting the consolidation efforts now and allowing for a unified approach to data lakes down the road. Regina also recognizes the benefit of Daturic integrating with Finvio’s existing Azure AD logging and controls to support user activity audit requirements within the data lake. Regina reaches out to Daturic and they guide her through subscribing to the Daturic solution through the Azure Marketplace.
Regina evaluates the current data lakes in the organization, comparing structures, permissions and naming conventions. Of course they are all over the map, but she gathers information on the different implementations and notes which options will best serve Finvio going forward.
|HR||Specific to department|
|Operations||Specific to department|
Data Lake Consolidation
Regina now has a plan. The research department’s data lake, being relatively new, had a reasonable structure that wasn’t department specific and would suit the company. Regina registers the research department’s data lake within Daturic and changes the name to suit the entire company, Finvio-DL-Bronze.
Next up, Regina needs to create matching data lakes to support the medallion architecture pattern (bronze, silver, gold data lakes). Regina uses Daturic to quickly create Finvio-DL-Silver and Finvio-DL-Gold with structures identical to Finvio-DL-Bronze. Regina designates these new data lakes as managed within Daturic, as they are brand new and don’t need to accommodate existing permissions. The research department data structures have now been mirrored across the medallion pattern, providing an organization-wide data lake. Regina then quickly creates any required data structures for the other departments using Daturic. Now Finvio has consolidated data lakes with an organization-wide structure; task one is complete.
Unify Permissions and Naming Conventions
Permissions come next because as soon as the departments have permissions, they will be able to transfer their data sources to point to the new Finvio-DL data lake.
Regina needs to rework the permissions on Finvio-DL-Bronze, as this was originally the research department’s data lake and she had found the permissions to be overly permissive. Regina starts by designating Finvio-DL-Bronze as managed and then uses Daturic to create tags that can be applied to the department structures to facilitate complex access policies. Fortunately, there is no limit to the tags, so Regina can control the tagging vocabulary for all of Finvio, keeping it consistent across the organization. Tags like “HR” and “Employee record” can then be easily combined in an access policy to limit access to the HR department and only those with a requirement to access employee records. Additionally, tags have folder inheritance, so Regina no longer has to manage permissions for the entire folder hierarchy, saving her a huge amount of time.
Regina begins combining tags into access policies which then create dedicated groups in Azure AD, thereby fulfilling task two. Regina communicates these dedicated groups to the access provisioning team who are able to populate the Azure AD groups based on job functions of new and existing users.
User Activity Visibility
With Azure AD groups providing access to Finvio’s data lake, Regina is quickly and easily able to audit user activity within the lake with the native Azure toolset that she is already familiar with. Regina uses this visibility to quickly troubleshoot user issues during the transition and it provides her with confidence that, should a security issue arise, she will be able to provide Finvio’s security team with the necessary information to perform their investigation. Task three is complete.
Quicker Time to Value
Regina has seen how Daturic allows new structures to be set up quickly and consistently, tagged with business vernacular, combined into complex access policies and integrated with existing processes and Azure AD tools. Regina was able to meet all of Finvio’s organizational goals by using Daturic, setting them up for success and giving Regina everything she needed to get there.