Question

To strictly enforce Data Governance across an organization, which access control model allows for granting permissions based on specific user metadata or data sensitivity levels rather than just static roles?

Accepted Answer

The access control model that enforces Data Governance by using user metadata and data sensitivity levels is Attribute-Based Access Control, commonly referred to as ABAC. Unlike Role-Based Access Control, which assigns permissions to fixed job titles or groups, ABAC makes access decisions by evaluating a set of attributes in real time. These attributes include subject attributes, such as a user&#x27;s department, security clearance, or location; object attributes, such as the data&#x27;s classification level, ownership, or purpose; and environmental attributes, such as the time of day or the security status of the connection. By using these dynamic factors, the system can grant or deny access based on policies that evaluate if a user&#x27;s specific properties match the requirements of the data. For example, an ABAC policy could be defined to allow access to a document only if the user&#x27;s clearance attribute is set to top secret and the document&#x27;s sensitivity attribute is also marked as top secret. This approach provides granular control, as it does not require creating new roles every time a specific data access requirement changes, making it highly scalable and flexible for complex governance needs.

Home → All Courses → Engineering and Technology Courses → Business Intelligence Engineering → Flashcard

To strictly enforce Data Governance across an organization, which access control model allows for granting permissions based on specific user metadata or data sensitivity levels rather than just static roles?