Data Governance

With the new regulations around data privacy such as GDPR, HIPAA, AML and companies handling private data making efforts to minimise their risks, we make sure that we keep Data Governance at high standards for your data in motion.

  • Right to request a copy of personal data ✔
  • Keep detailed records of data activities ✔
  • Protect Sensitive Data ✔
  • Role-based Data Access ✔
  • Access Control Lists ✔
  • SSL Encryption and Kerberos ✔
  • LDAP and Active Directory ✔

Right to request a copy of personal data

Lenses SQL engine allows thorough examination and retrieval of records. Collect and store in CSV or JSON format any records you want to retrieve. Automate any requests for personal data via APIs and CLI tool.


Keep detailed records on data activities

All data activities are automatically captured and the full audit trail is preserved.

  • Any user access to data, is audited into an immutable topic, so that we know WHO accessed WHAT data and WHEN.
  • Any Kafka Connect data integration, is audited into an immutable topic so that we know WHICH connect process accessed data and WHEN
  • Any SQL processor is also audited into an immutable topic so that we know WHAT data activities have been performed on data and WHEN
  • Any System (infrastructure level) action like creating a topic, or changing a configuration, or deleting a topic, is audited into an immutable topic

Note: ACLs on audit topics to restrict write level access

Protect Sensitive Data

If leveraging Apache Avro as a data container, you can annotate with "obfuscate":"true" any sensitive field. Once a field is “protected” Lenses will always obfuscate the contents. Use this to make sensitive fields invisible to any user via any means: Web UI, REST, WS, CLI, Python, JDBC.

  "type" : "record",
  "name" : "Customer",
  "namespace" : "com.acme.streaming",
  "fields" : [
      "name" : "ssn",
      "type" : "int"
      "obfuscate": "true"
    }, {
      "name" : "posId",
      "type" : "string",

Role Based Data Access

Lenses provides fine-grained level access to users and groups of your organization to your data. You can also map the role based access to your existing LDAP or AD (Active Directory).

Apart from different read, write and admin levels, you can control via whitelists or blacklist rules WHO can access WHAT data:

WHITELIST example of a user in a group with READ and WRITE access to topics starting with equity_[
  {"name": "equityUK", "roles": ["read", "write"], topic: { whitelist: ["equity_.*"] } }
] = [
  {"username": "traderUK", "password": "pass", "displayname": "Trader", "groups": ["equityUK"]}

BLACKLIST example of a user in a group with READ access to all topics but those starting with private_[
  {"name": "viewPublic", "roles": ["read"], topic: { blacklist: ["private_.*"] } }
] = [
  {"username": "publicA", "password": "pass", "displayname": "Public", "groups": ["viewPublic"]}

Access Control Lists

When authentication is enabled (via Kerberos or TLS certificates), you can utilize the Kafka ACLs infrastructure.

SSL Encryption and Kerberos

All the components of Lenses fully support Kafka clusters with SASL_SSL or SSL. Once the components used ( Kafka Connect clusters and/or Kubernetes) and Lenses are configured to operate over SSL you can have 100% network-level encryption.

LDAP and Active Directory

Pluggable mapping of existing users and groups in LDAP or AD into various access levels to streaming data.


Lenses is leveraged across multiple FTSE-100 companies, Financial institutes and other highly regulated industries, thus Data Governance is a first-class citizen. For additional information contact us