CosmosDB (PostgreSQL)

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: PostgreSQL, Snowflake, SMB, etc.

About CosmosDB (PostgreSQL)

Azure Cosmos DB for PostgreSQL is a fully-managed relational database service for PostgreSQL, powered by the Citus open source extension. We support this as a structured datasource.

Onboarding CosmosDB (PostgreSQL) Data Source

Admins can create a user with restricted user permissions and use that restricted user’s username and password for registration. Currently only PostgreSQL authentication is supported. Since Cosmos for PostgreSQL currently has a limitation of having only 1 database. We provide the option to users to filter schemas that they wish to scan inside that database. Users can select the schemas they wish to scan and register the datasource.

1. Login to your LightBeam Instance.

2. Click on DATASOURCES on the Top Navigation Bar.

3. Click on “Add a data source”.

4. Search for PostgreSQL. Click on PostgreSQL under Azure Cosmos DB section.

5. Configure Basic Details

In the Basic Details section, enter the following information:

• Instance Name: Provide a unique name for the Cosmos DB data source (e.g., cosmos-postgres-datasource).

• Primary Owner: Enter the email address of the individual responsible for this data source (e.g., demo@lightbeam.ai).

• Source of Truth (Optional): Toggle this option on if this database serves as a single source of truth for entity validation.

• Description (Optional): Add a brief description of the database (e.g., "Cosmos PostgreSQL Datasource Instance").

1. Enter Connection Details

Provide the following details in the Connection section:

• Username: The username for database authentication.

• Password: The corresponding password for the username.

• Host: The Cosmos DB PostgreSQL server hostname (e.g., your-db-name.postgres.cosmos.azure.com).

• Port: The PostgreSQL connection port (default 5432 or a custom port).

1. Click Test Connection to validate the credentials.

8. Additional Details (Optional)

In this section, you can specify metadata attributes related to the data source:

• Location: The location of the data source.

• Purpose: The purpose of the data being collected/processed.

• Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

1. Verify that you get the message Connection Success! on the screen. Click on Next.

2. In the next screen, you will get a list of schemas to scan. Select the schemas that you wish to scan.

Click on Start Sampling button. The datasource is now registered.

APPENDIX

Minimal permissions user creation

Currently only PostgreSQL authentication is supported. Make sure this authentication is enabled from Azure CosmosDB (PostgreSQL) console.

To add a new user click on Add PostgreSQL role. Create a new user with a username and password.

Now grant this user these permissions:

The database is the name of the single database in Cosmos:

GRANT CONNECT ON DATABASE <database name> to <username>;

Following needs to be granted for all schemas user wish to scan:

GRANT SELECT ON ALL TABLES IN SCHEMA <schema name> TO <username>;

GRANT USAGE ON SCHEMA <schema name> TO <username>;

Use the user you just created to register PostgreSQL datasource.

Validate permissions to the database

Next, the user needs to validate these permissions to the database. This ensures authorized access to the database by the credentials provided by the user. After validating the permissions to the database, the user can configure LightBeam Spectra on the system.

Steps

2. Go into sql_user_check_postgres directory

3. Please refer to the README.md file in the directory for detailed instructions.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.