Policy Authoring for Data
    • 17 Mar 2024

    Policy Structure

    Consistently protecting the same data assets across different databases is a challenge that many data owners struggle with. The different layers of permissions that can surround a database often make it hard to see which authorizations are actually enabled.

    Using PlainID's Authorization Platform for managing access to data provides the following main benefits:

    • Unified Access Management - Enables you to manage access to data objects using a unified interface that can provide consistent access decisions.
    • Fine-grained access solution - Provides you with an access solution that supports fine-grained access controls, both on row and column levels.
    • Central enforcement layer - Enables the implementation of a central enforcement layer for all data access.

    The Authorization Platform offers unique support for database-adaptive access using the Policy Resolution endpoint. This endpoint is designed to add to or modify the SQL query the user is trying to run, so that only authorized data is processed.

    Data in databases is typically stored in tables. Building Policies for data enforcement is based on two levels of decision:

    • Row level
    • Column level

    To build Policies for data, both row and column levels should be considered. When setting up the building blocks for fine-grained data access in the Authorization Platform, the following structure must be followed:

    • Asset Type for row level access control: This Asset Type represents the physical structure of the table and can represent more than one table. For more information, see Dynamic Data Mapping.

    • Asset Type for column level access control: This Asset Type defines the actual columns to which access should (or should not) be provided.

    PlainID's Authorizers leverage the Policy Resolution endpoint to impact the query data selection based on Authorization Policies created in the Platform. To learn more about building Policies that control access to data for our Authorizers, see Google BigQuery.
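
    The row-level and column-level decisions described above can be pictured as a query rewrite. The following is an added example, not PlainID code: the decision shape, the `rewrite_query` helper, the `accounts` table and its rows are all hypothetical and constructed for illustration.

```python
import sqlite3

# Hypothetical decision shape for illustration; not PlainID's Policy Resolution response format.
DECISION = {
    "allowed_columns": {"id", "region", "balance"},  # column-level decision
    "row_filters": [("region", "=", "EMEA")],        # row-level decision, ANDed
}
SCHEMA = {"accounts": {"id", "owner", "region", "balance", "ssn"}}  # constructed layout
OPERATORS = {"=", "!=", "<", ">", "<=", ">="}


def rewrite_query(table, requested, decision):
    """Return (sql, params) limited to authorized columns and rows; fail closed."""
    known = SCHEMA.get(table)
    if known is None:
        raise PermissionError(f"unknown table {table!r}")
    # Column level: keep only requested columns that exist and are allowed.
    columns = [c for c in requested if c in known and c in decision["allowed_columns"]]
    if not columns:
        raise PermissionError("no authorized columns in request")
    # Row level: each filter becomes a parameterized predicate on a known column.
    clauses, params = [], []
    for column, op, value in decision["row_filters"]:
        if column not in known or op not in OPERATORS:
            raise PermissionError("policy names an unknown column or operator")
        clauses.append(f'"{column}" {op} ?')
        params.append(value)
    if not clauses:  # this example treats a missing row decision as deny
        raise PermissionError("no row-level decision")
    select = ", ".join(f'"{c}"' for c in columns)
    return f'SELECT {select} FROM "{table}" WHERE ' + " AND ".join(clauses), params


def run_demo():
    """Run the rewritten query against constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER, owner TEXT, region TEXT, balance INTEGER, ssn TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?, ?, ?)", [
        (1, "alice", "EMEA", 100, "constructed-1"),
        (2, "bob", "APAC", 200, "constructed-2"),
        (3, "carol", "EMEA", 300, "constructed-3"),
    ])
    sql, params = rewrite_query("accounts", ["id", "ssn", "balance"], DECISION)
    return sql, db.execute(sql + ' ORDER BY "id"', params).fetchall()


if __name__ == "__main__":
    print(run_demo())
```

    The requested `ssn` column is dropped and only the `EMEA` rows are returned; policy values reach the database as bound parameters, and identifiers are checked against the known schema before being placed in the SQL text.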

