What is KloudML?
It is a proprietary markup language based on JSON primarily used to define granular data access controls using organization roles.

Why KloudML?
In a typical enterprise there are at least a dozen or two data sources such as databases, file storages, data warehouses, cloud/on-prem applications and API services. Setting up the data access controls on these sources becomes impossible when the number of data sources increases. KloudML comes to the rescue by providing a unified data access control layer for all of these data sources.
Defining the controls in one single place makes it much easier for data engineers/admins to manage data security.

Sample KloudML:

    connection_MySql_Dev:{
        security: ROLE_BASED
        roles: {
            FINANCE_MANAGER: {
                employees: {
                    columns: emp_no,first_name,last_name
                }
            }
            SALES_EXEC: employees
            PRODUCT_MANAGER: {
                departments: {
                    columns: dept_id
                }
            }
        }
        models: {
            employees: {
                schema: MYSQL_DEV
                table: employees
                alias: Employees
                joins: {
                    departments: ${employees}.dept_id = ${departments}.dept_id
                    employee_salaries: ${employees}.emp_no = ${employee_salaries}.emp_no
                }
            }
            managers: {
                schema: MYSQL_DEV
                table: employees
                alias: Managers
            }
            employee_salaries: {
                schema: MYSQL_DEV
                table: employee_salaries
                alias: Employee Salaries
            }
            departments: {
                schema: MYSQL_DEV
                table: departments
                alias: Departments
                joins: {
                    managers: ${departments}.mgr_no = ${managers}.emp_no
                }
            }
        }
    }


As the sample above shows, KloudML consists of the following elements:

  1. Connection
  2. Security
  3. Roles
  4. Models

Let's look into the details of each component.

Connection:
This is the top element in any KloudML definition. It specifies which connection the KloudML definition applies to.
Format: connection_<name of the connection>
Example: connection_MySql_Dev, where MySql_Dev is the name of the database connection.

Security:
There are 2 modes of security controls available in KloudML. 

Role Based Access Control (RBAC)
Define granular level access to database tables, views and columns based on the logged-in user's roles.

Example

    roles: {
        FINANCE_MANAGER: {
            employees: {
                columns: emp_no,first_name,last_name
            }
        }
        SALES_EXEC: employees
        PRODUCT_MANAGER: {
            departments: {
                columns: dept_id
            }
        }
    }


In the above section of the KloudML, the roles section contains the mapping between roles and models (tables/views). Here, Finance Manager can access the employees model and can only access the columns emp_no, first_name and last_name within the employees table. All other columns in the employees table are not accessible by the Finance Manager.

The controls are also exclusive, which means the Finance Manager can access only the employees table and only the columns mentioned.

Sales Executive can access only the employees table but can access all the columns, since there is no explicit column listing.

Product Manager, on the other hand, can access only the departments table and only the column dept_id.
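
The access rules described above, written out as a small Python check. This is an added example, not Kloudio's code: the ROLES dict is a hand transcription of the sample roles section, None stands for a model listed without columns, and treating a user with several roles as the union of their grants is an assumption the page does not state.

```python
# Added example: roles section of the sample, transcribed by hand (assumption:
# this dict layout is ours, not a KloudML parser's output).
# None means "no explicit column listing", i.e. every column of the model.
ROLES = {
    "FINANCE_MANAGER": {"employees": ["emp_no", "first_name", "last_name"]},
    "SALES_EXEC": {"employees": None},
    "PRODUCT_MANAGER": {"departments": ["dept_id"]},
}


def can_read(roles, user_roles, model, column):
    """Return True if any of the user's roles grants model.column.

    Controls are exclusive (default deny): an unknown role, an unlisted
    model or an unlisted column all yield False.
    """
    for role in user_roles:
        grants = roles.get(role, {})
        if model not in grants:
            continue  # this role says nothing about the model: no access
        columns = grants[model]
        if columns is None or column in columns:
            return True
    return False


def visible_columns(roles, user_roles, model, table_columns):
    """Filter a table's column list down to what the user may see."""
    return [c for c in table_columns if can_read(roles, user_roles, model, c)]


def all_column_grants(roles):
    """List (role, model) pairs that have no column allow-list, for review."""
    return sorted(
        (role, model)
        for role, grants in roles.items()
        for model, columns in grants.items()
        if columns is None
    )
```

all_column_grants is a review aid: it lists the grants, such as SALES_EXEC on employees, where any column later added to the table becomes readable without a change to the definition.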


Team Based Access Control (TBAC)
This access control is not yet available. It is similar to RBAC, but it is based on teams.

Models:
Models are definitions for tables/views. A model can represent a table/view along with other properties, such as an alias for the table name and join conditions with other models.

    models: {
        employees: {
            schema: MYSQL_DEV
            table: employees
            alias: Employees
            joins: {
                departments: ${employees}.dept_id = ${departments}.dept_id
                employee_salaries: ${employees}.emp_no = ${employee_salaries}.emp_no
            }
        }
        managers: {
            schema: MYSQL_DEV
            table: employees
            alias: Managers
        }
        employee_salaries: {
            schema: MYSQL_DEV
            table: employee_salaries
            alias: Employee Salaries
        }
        departments: {
            schema: MYSQL_DEV
            table: departments
            alias: Departments
            joins: {
                managers: ${departments}.mgr_no = ${managers}.emp_no
            }
        }
    }

The above section contains the sample models definition. This section can be used to define models. These models are referenced in the roles section.

A model typically contains the following information:

Schema - Schema name of the table/view
Table - Name of the table/view
Alias - A user-friendly name for the table/view. This is what is shown to the users in the Kloudio Report Builder.
Joins - Contains a list of model names and the join conditions to join with other models.
More information about KloudML is coming soon.
