Data access control is an important aspect of data governance. It is a tool to manage data access, with policies and privileges defined for authorized users, including data scientists, engineers, and analysts. Whether you use data governance policies in your organization or not, you must understand the concept of data access control.

Administrative And Technical Access Control

The concept of administrative and technical access control is based on the need to restrict access to sensitive systems and resources. This means implementing perimeter security measures, such as fences and locks, security guards, and biometric systems. These measures also include technical mechanisms limiting physical and digital access of unauthorized individuals to computers, such as firewalls, antivirus software, and intrusion detection systems. In addition to physical controls, administrative access control defines company policies and practices by security objectives. For example, policies and procedures regarding internet usage and employee hiring can help limit unauthorized access to critical systems and resources. Besides physical access control, administrative access control also involves people management measures. These include training and testing activities, formal policies, and procedural guidelines. 

Context-Centric Data Access Control

Context-centric data access control applies context awareness to data-access control. It uses contextual information to identify relevant entities and relationships between entities. These entities can include users, resources, and environments. For instance, context information can indicate a patient’s current health status. Using contextual information to guide access control policies effectively provides security to sensitive information.

A strong need exists for context-sensitive data access control. The key benefits of such a technology include its ability to manage access to data resources across diverse environments with relatively low computational overheads. In addition, context-centric access control can be implemented with a single set of policies. 

Role-Based Access Control

Role-based data access control is becoming more popular as an access control strategy for organizations. This approach eliminates the need for individual access control implementation and simplifies data access control policies by allowing administrators to write policies based on existing organizational roles. The advantage of this approach is that it does not require new policies or internal role changes for new employees. Instead, data teams can assign appropriate roles to employees and then control the level of access that they have to company data. The basic RBAC model comprises three main elements: the user, the data, and the organization. Users can have multiple roles, and each role can have multiple permissions. In addition, there is a hierarchy of roles that determines seniority. This eliminates the need for redundant permissions. Data access control is an essential component of any security strategy. Role-based data access control (RSA) can help organizations protect sensitive data while enabling data sharing. In this article, we discuss the benefits of role-based data access control and provide guidelines for implementation.

Discretionary Access Control

Discretionary data access control refers to a process wherein a data artifact is accessible only to an authorized user. This process can be based on rules that the data owner defines. The data owner may be the user who creates the artifact or the organization that authorizes its use. Discretionary data access control is managed by the data administrator of the authoring organization. Discretionary data access control is a powerful and flexible method for managing access to your data. It allows you to dynamically create data artifacts and apply access controls to them. Access rules may be owner-defined and may be based on exceptions or other conditions. Discretionary data access control may allow users to grant access to a subset of data. For example, you can grant only certain users access to certain tuples or projected attributes. You can also restrict access to selected tuples or attributes of a table based on resource consumption.