Step 1: Understand the Data Access Requirements
The question presents distinct access needs for three teams:
Marketing team: Needs full access to customer contact info but only obfuscated claim information.
Claims team: Needs access to customer information relevant to the claims they process.
Analytics team: Needs only obfuscated PII data.
These teams require different levels of access, and the solution needs to enforce data security while keeping administrative overhead low.
Step 2: Why Option B is Correct
Option B (Creating Views) is a common best practice in Amazon Redshift to restrict access to specific data without duplicating data or managing multiple clusters. By creating views:
You can define customized views of the data with obfuscated fields for the analytics team and marketing team while still providing full access where necessary.
Views provide a logical separation of data and allow Redshift administrators to grant access permissions based on roles or groups, ensuring that each team sees only what they are allowed to.
Obfuscation or masking of PII can be easily applied to the views by transforming or hiding sensitive data fields.
This approach avoids the complexity of managing multiple Redshift clusters or S3-based data lakes, which introduce higher operational and administrative overhead.
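The view-per-team layout described above, sketched as Redshift SQL. This is an added example, not part of the original question or answer; the schemas (core, team_views), tables, columns and group names are all hypothetical, and it assumes each claim row records the database user it is assigned to.

```sql
-- Hypothetical layout: base tables in schema core, team-facing views in team_views.
CREATE SCHEMA team_views;
CREATE GROUP marketing_grp;
CREATE GROUP claims_grp;
CREATE GROUP analytics_grp;

-- Marketing: full contact details, claim data reduced to coarse, non-identifying fields.
CREATE VIEW team_views.marketing_v AS
SELECT c.customer_id, c.full_name, c.email, c.phone,
       cl.claim_type,
       CASE WHEN cl.amount < 1000 THEN 'under 1k'
            WHEN cl.amount < 10000 THEN '1k to 10k'
            ELSE 'over 10k' END AS amount_band
FROM core.customers c
LEFT JOIN core.claims cl ON cl.customer_id = c.customer_id;

-- Claims: customer details only for claims assigned to the querying user.
CREATE VIEW team_views.claims_v AS
SELECT cl.claim_id, cl.claim_type, cl.amount, cl.filed_date,
       c.full_name, c.email, c.phone
FROM core.claims cl
JOIN core.customers c ON c.customer_id = cl.customer_id
WHERE cl.assigned_user = CURRENT_USER;

-- Analytics: no direct identifiers. The hash is a pseudonym for joins only;
-- an unsalted hash of a guessable id can be brute-forced, so it is not anonymization.
CREATE VIEW team_views.analytics_v AS
SELECT SHA2(c.customer_id::varchar, 256) AS customer_key,
       LEFT(c.postal_code, 3)            AS postal_prefix,
       '***-***-' || RIGHT(c.phone, 4)   AS phone_masked,
       cl.claim_type, cl.amount, cl.filed_date
FROM core.customers c
JOIN core.claims cl ON cl.customer_id = c.customer_id;

-- Teams get the views schema and their own view, never the base tables.
REVOKE ALL ON SCHEMA core FROM PUBLIC;
GRANT USAGE ON SCHEMA team_views
  TO GROUP marketing_grp, GROUP claims_grp, GROUP analytics_grp;
GRANT SELECT ON team_views.marketing_v TO GROUP marketing_grp;
GRANT SELECT ON team_views.claims_v    TO GROUP claims_grp;
GRANT SELECT ON team_views.analytics_v TO GROUP analytics_grp;
```

The separation holds only while no team group is granted SELECT on the core tables themselves, so check the existing grants on those tables when adding a view.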
Step 3: Why Other Options Are Not Ideal
Option A (Separate Redshift Clusters) introduces unnecessary administrative overhead by managing multiple clusters. Maintaining a separate cluster for each team is costly, redundant, and inefficient.
Option C (Separate Redshift Roles) involves creating multiple roles and managing complex masking policies, which adds to administrative burden and complexity. While Redshift does support column-level access control, it's still more overhead than managing simple views.
Option D (Move to S3 and Lake Formation) is a more complex and heavy-handed solution, especially when the data is already stored in Redshift. Migrating the data to S3 and setting up a data lake with Lake Formation introduces significant operational complexity that isn't needed for this specific requirement.
Conclusion:
Creating views in Amazon Redshift allows for flexible, fine-grained access control with minimal overhead, making it the optimal solution to meet the data access requirements of the marketing, claims, and analytics teams.