SecurityNovember 14, 20256 min read

RBAC is not enough: attribute-based access in practice

Role-based access control gets you 60% of the way to a real data governance model. Here is the attribute-based policy language we added to cover the rest.

DH

Daniel HwangSecurity Engineering

Share

RBAC is great when your access rules map cleanly to org structure. Real data governance rules rarely do. "Analysts can see PII for customers in their assigned region, masked otherwise, unless the query is part of an audit" is not an RBAC rule.

ABAC policies, versioned alongside the catalog

policy.regorego

allow {
  input.user.attributes.region == input.row.region
  input.user.clearance >= input.column.sensitivity
}

Policies live in the catalog. They version with the table. A policy change opens a branch just like a schema change does.

DH

Written by

Daniel Hwang

Security Engineering at DXData.

Start building with DXData.

Spin up a catalog in minutes. Bring your own object store, keep your existing SQL, and branch your data like code.

Get started free Read the docs

RBAC is not enough: attribute-based access in practice

ABAC policies, versioned alongside the catalog

Read next

SOC 2 Type II, one year later

How we run 4.2B rows/day through a single Iceberg catalog

Branching production tables: a 6-month postmortem

Start building with DXData.

RBAC is not enough: attribute-based access in practice

ABAC policies, versioned alongside the catalog

Read next

SOC 2 Type II, one year later

How we run 4.2B rows/day through a single Iceberg catalog

Branching production tables: a 6-month postmortem

Start building with DXData.