Keycloak-PDC integration with business-aligned Communities
Overview
Adventure Works Cycles has just acquired a new manufacturing facility and needs to integrate their data systems while ensuring compliance with global data protection regulations. As the newly appointed Data Governance team, participants must establish secure connections to critical business systems, implement proper access controls, and create a comprehensive data inventory that supports both operational needs and regulatory requirements.
Business Challenge: The company operates across multiple jurisdictions (US, EU, Brazil) and must comply with GDPR, CCPA, and LGPD simultaneously. Different business units need access to different data domains while maintaining strict security and compliance controls.
Solution: PDC has a number of default Roles that meet Regulatory & Compliance requirements. Map the Adventure Works organization to the PDC default roles and control the Permissions and Scope to assets with PDC Communities.
Adventure Works Organization
Role Mapping
Recommendation: Map to Existing PDC Default Roles with Communities for Fine-Grained Control.
Decision: Map Adventure Works Keycloak groups to existing Pentaho Data Catalog default roles, then use Communities to implement business-specific access controls and data segregation.
WHO & WHAT
Why This Approach is Critical for Regulatory & Compliance Requirements
1. Leveraging PDC's Built-in Compliance Framework
Why This Matters for Compliance: Pentaho Data Catalog provides default user roles with role-based permissions that enable administrators to control access as necessary across Data Catalog, and administrators can fine-tune access by creating Communities of users with specific permissions. This approach leverages PDC's tested and proven permission structure while adding business-specific controls.
Regulatory Impact:
GDPR Article 25 (Data Protection by Design): Uses PDC's built-in privacy controls with Community-based enhancements
SOX Section 404: Leverages established internal controls with documented permission matrices
CCPA Section 1798.100(e): Implements "reasonable security procedures" through tested PDC role framework
2. Simplified Audit Trail with Business Context
Why This Matters for Compliance: At least one role or community must be assigned to a user when created, and multiple roles or Communities can be assigned if permissions are mutually exclusive. This creates clear audit trails showing both technical permissions (via PDC roles) and business justification (via community membership).
Regulatory Impact:
GDPR Article 30 (Records of Processing Activities): Clear documentation of who processes what data and why
CCPA Section 1798.145: Precise tracking of consumer data access through role + community combination
SOC 2 Type II: Demonstrates systematic access control with business justification
3. Scalable Data Segregation
Why This Matters for Compliance: A Community is a custom role used to fine-tune access to specific actions or Data Catalog assets, such as restricting access for a group of users to a subset of glossaries and data sources. This enables precise data domain segregation required for cross-jurisdictional compliance.
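The decision above (map Keycloak groups to PDC default roles for permissions, then scope those permissions to assets with Communities) can be made concrete with a small policy model. The following Python is an added example written for this page, not code from Pentaho or from the Adventure Works workshop: the Keycloak group paths, the PDC role names, the Community names, the asset names and the permission sets are all invented placeholders, and the model assumes a deny-by-default rule in which a role alone grants no asset scope (the strict reading of "Communities fine-tune access to specific assets"; actual PDC behaviour may be more permissive). It also emits the combined "role + community" audit record that the audit-trail section describes.

```python
"""Constructed model of the 'PDC default role + Community' access pattern.

Roles answer WHAT a user may do (permissions); Communities answer WHICH assets
those permissions reach. Every group path, role name, Community name and asset
name below is a placeholder invented for this example, not a real PDC identifier.
"""
from dataclasses import dataclass

# Hypothetical Keycloak group paths -> PDC default role names (placeholders).
GROUP_TO_ROLE = {
    "/adventureworks/data-governance": "catalog_steward",
    "/adventureworks/finance-analysts": "catalog_consumer",
    "/adventureworks/manufacturing-eu": "catalog_consumer",
}

# Hypothetical Keycloak group paths -> PDC Communities (placeholders).
GROUP_TO_COMMUNITY = {
    "/adventureworks/community/global-governance": "global-governance",
    "/adventureworks/community/us-finance": "us-finance",
    "/adventureworks/community/eu-manufacturing": "eu-manufacturing",
}

# Permissions granted by each role (constructed to illustrate the model).
ROLE_PERMISSIONS = {
    "catalog_steward": {"view", "edit_metadata", "manage_glossary"},
    "catalog_consumer": {"view"},
}

# Each Community scopes access to a subset of data sources and glossaries.
# "*" marks an unrestricted scope (a convention of this example, not PDC syntax).
COMMUNITY_SCOPE = {
    "global-governance": {"data_source": {"*"}, "glossary": {"*"}},
    "us-finance": {"data_source": {"fin_us_ledger"}, "glossary": {"finance"}},
    "eu-manufacturing": {"data_source": {"mfg_eu_erp"}, "glossary": {"manufacturing"}},
}


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str          # "data_source" or "glossary"
    jurisdiction: str  # "US", "EU" or "BR"; recorded for the audit trail


def resolve_principal(token_claims: dict) -> tuple[set, set]:
    """Map the Keycloak 'groups' claim to PDC roles and Communities.

    Unmapped groups are ignored. A principal with neither a role nor a
    Community is rejected, mirroring the rule that at least one of the two
    must be assigned to every user.
    """
    groups = token_claims.get("groups", [])
    roles = {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}
    communities = {GROUP_TO_COMMUNITY[g] for g in groups if g in GROUP_TO_COMMUNITY}
    if not roles and not communities:
        raise ValueError(f"{token_claims.get('preferred_username')}: no PDC role or Community mapped")
    return roles, communities


def authorize(token_claims: dict, action: str, asset: Asset) -> tuple[bool, dict]:
    """Deny-by-default check: the action must be granted by a role AND the asset
    must fall inside at least one Community scope (assumption of this model).
    Returns the decision plus an audit record carrying both the technical
    justification (roles) and the business justification (Communities).
    """
    roles, communities = resolve_principal(token_claims)
    permissions = set().union(*(ROLE_PERMISSIONS[r] for r in roles))
    granting_communities = {
        c for c in communities
        if asset.name in COMMUNITY_SCOPE[c][asset.kind] or "*" in COMMUNITY_SCOPE[c][asset.kind]
    }
    allowed = action in permissions and bool(granting_communities)
    audit = {
        "user": token_claims.get("preferred_username"),
        "action": action,
        "asset": asset.name,
        "jurisdiction": asset.jurisdiction,
        "roles": sorted(roles),
        "communities_in_scope": sorted(granting_communities),
        "decision": "allow" if allowed else "deny",
    }
    return allowed, audit


# Constructed token claims, shaped like what a client sees once Keycloak's
# group-membership mapper is enabled (token signature checking is out of scope).
FINANCE_ANALYST = {
    "preferred_username": "ana.finance",
    "groups": ["/adventureworks/finance-analysts", "/adventureworks/community/us-finance"],
}
GOVERNANCE_LEAD = {
    "preferred_username": "gov.lead",
    "groups": ["/adventureworks/data-governance", "/adventureworks/community/global-governance"],
}

LEDGER = Asset("fin_us_ledger", "data_source", "US")
EU_ERP = Asset("mfg_eu_erp", "data_source", "EU")

if __name__ == "__main__":
    for claims, action, asset in [
        (FINANCE_ANALYST, "view", LEDGER),          # allow: role grants view, Community covers asset
        (FINANCE_ANALYST, "view", EU_ERP),          # deny: EU asset outside the us-finance Community
        (FINANCE_ANALYST, "edit_metadata", LEDGER), # deny: consumer role lacks the permission
        (GOVERNANCE_LEAD, "edit_metadata", EU_ERP), # allow: steward role, unrestricted Community
    ]:
        print(authorize(claims, action, asset)[1])
```

The two denials are the point of the model: the finance analyst is kept out of the EU manufacturing source by Community scope even though the role permits "view", and is kept from editing metadata by the role even though the Community covers the asset. Every decision records both dimensions, which is what gives an auditor the "who, what and why" the GDPR Article 30 and SOC 2 bullets ask for.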