# Data Security and Access Control Architecture

A data lake platform has various components: data stores, job execution engines, orchestration tools, data consumption services, and so on. The security required varies by component type, and even by individual component. Let's assume your data lake uses S3 as its storage platform. Here are some examples of the kind of security to be used in some of the components at the platform level:

* **Data catalog access and users' roles** - Which accounts have access to a particular dataset in the data catalog, and which roles they use.
* **Direct access to datasets** - Both objects stored in S3 and those used by the programs running as part of your data lake system should have restricted access. Any system that has direct access to the datasets within a data lake should have fine-grained access control.
* **Jobs execution** - Permissions to execute jobs, YARN, or similar applications.
* **Administration utilities** - Permissions to access and manage the management utilities of the data platform's components.

Primarily, access control and data security in data lakes within AWS can be enforced by:

1. [Access control using IAM](https://aws-reference-architectures.gitbook.io/datalake/data-security-and-access-control-architecture)
2. [Fine-grained access control using AWS Lake Formation](https://aws-reference-architectures.gitbook.io/datalake/data-security-and-access-control-architecture/fine-grained-access-control-with-amazon-lake-formation)

## Have suggestions? Join our [Slack channel](https://join.slack.com/t/cat-cwp4274/shared_invite/zt-e2ztjpgw-Bugw46iXsLbZ~V54AljWsA) to share feedback.


