Data Access Governance: Controlling Who Sees What Data

Data access governance establishes policies and controls for who can access data, under what conditions, and for what purposes. Learn how to implement effective access governance.


Data access governance is the discipline of managing who can access data, what data they can access, and under what conditions access is permitted. It encompasses policies, processes, and technologies that ensure data is accessible to those who need it while protected from unauthorized use.

Effective access governance balances two competing goals: enabling legitimate data use to drive business value, and protecting sensitive data from inappropriate access. Too restrictive, and data remains locked away unused. Too permissive, and sensitive data is exposed to risk.

Access Governance Fundamentals

The Principle of Least Privilege

Users should have access to only the data necessary for their legitimate business purpose - no more, no less. This principle:

  • Limits exposure when accounts are compromised
  • Reduces risk of accidental data misuse
  • Creates clear accountability for data access
  • Simplifies compliance with privacy regulations

Access Control Dimensions

Data access can be controlled across multiple dimensions:

Who: Which users, roles, or groups
What: Which datasets, tables, columns, or rows
When: What time periods or conditions
How: Read, write, export, or other operations
Why: What business purpose justifies access

Comprehensive governance addresses all dimensions.

Access Control Models

Role-Based Access Control (RBAC)

Access is granted based on job roles rather than individual users:

Role: Sales Analyst
Access:
  - Read: Sales database (all tables)
  - Read: Customer database (non-PII columns)
  - No access: Finance database
  - No access: HR database

Advantages: Scalable, easy to manage, aligns with organizational structure
Limitations: Roles can become too broad; doesn't handle exceptions well

Attribute-Based Access Control (ABAC)

Access is determined by attributes of the user, resource, and context:

Policy: Access customer financial data
Conditions:
  - User.department = "Finance" OR User.department = "Sales"
  - User.training.dataPrivacy = completed
  - Resource.classification <= "Confidential"
  - Request.location = "Corporate network"

Advantages: Fine-grained control, handles complex scenarios
Limitations: Complex to implement and maintain

Purpose-Based Access Control

Access is granted for specific purposes and limited to that use:

Access Grant:
  User: Marketing Team
  Data: Customer contact information
  Purpose: Q4 campaign outreach
  Permitted Use: Email marketing only
  Expires: December 31

Advantages: Aligns with privacy regulations, clear accountability
Limitations: Requires tracking purpose through data use
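The three models above can be seen side by side in a small decision engine. This is an added example, not code from the article: the role names, attribute keys, dataset names, the classification ranking used for the `<= "Confidential"` comparison, and the grant's expiry year are all constructed for illustration. Each function is default-deny: a missing role, policy or grant yields `False`.

```python
from datetime import date

# Added example: a tiny access-decision engine covering RBAC, ABAC and
# purpose-based grants. Role names, attribute keys, dataset names and the
# classification ranking are constructed, not taken from the article.

# Ordering used for the ABAC condition Resource.classification <= "Confidential"
CLASSIFICATION_RANK = {"Public": 0, "Internal": 1, "Confidential": 2, "Restricted": 3}

# RBAC: role -> dataset -> operations that role may perform
ROLE_GRANTS = {
    "sales_analyst": {"sales_db": {"read"}, "customer_db": {"read"}},
    "finance_analyst": {"finance_db": {"read"}, "customer_financials": {"read"}},
}


def rbac_decision(user, dataset, operation):
    """Allow only if at least one of the user's roles grants the operation on the dataset."""
    return any(
        operation in ROLE_GRANTS.get(role, {}).get(dataset, set())
        for role in user.get("roles", ())
    )


# ABAC: the 'customer financial data' policy from the text as predicates over
# (user, resource, request context); every predicate must hold.
ABAC_POLICIES = {
    "customer_financials": [
        lambda u, r, ctx: u.get("department") in ("Finance", "Sales"),
        lambda u, r, ctx: u.get("training", {}).get("dataPrivacy") == "completed",
        lambda u, r, ctx: CLASSIFICATION_RANK[r["classification"]]
        <= CLASSIFICATION_RANK["Confidential"],
        lambda u, r, ctx: ctx.get("location") == "Corporate network",
    ],
}


def abac_decision(user, resource, context):
    """Default deny: a resource with no policy, or any failing condition, is denied."""
    conditions = ABAC_POLICIES.get(resource["name"])
    if conditions is None:
        return False
    return all(cond(user, resource, context) for cond in conditions)


# Purpose-based: grants are bound to a purpose, a permitted use and an expiry date
PURPOSE_GRANTS = [
    {
        "group": "Marketing Team",
        "dataset": "customer_contacts",
        "purpose": "Q4 campaign outreach",
        "permitted_use": {"email_marketing"},
        "expires": date(2024, 12, 31),  # the year is a constructed value
    },
]


def purpose_decision(user, dataset, purpose, use, today):
    """Allow only if an unexpired grant matches the user's group, the purpose and the use."""
    return any(
        g["group"] in user.get("groups", ())
        and g["dataset"] == dataset
        and g["purpose"] == purpose
        and use in g["permitted_use"]
        and today <= g["expires"]
        for g in PURPOSE_GRANTS
    )


if __name__ == "__main__":
    analyst = {
        "roles": ["sales_analyst"],
        "groups": ["Marketing Team"],
        "department": "Sales",
        "training": {"dataPrivacy": "completed"},
    }
    print(rbac_decision(analyst, "sales_db", "read"))    # True
    print(rbac_decision(analyst, "finance_db", "read"))  # False
    print(abac_decision(analyst,
                        {"name": "customer_financials", "classification": "Confidential"},
                        {"location": "Corporate network"}))  # True
    print(purpose_decision(analyst, "customer_contacts", "Q4 campaign outreach",
                           "email_marketing", date(2025, 1, 1)))  # False: grant expired
```

The purpose-based check is the one that needs data outside the identity system (the declared purpose and the expiry), which is the tracking burden the Limitations line refers to; the expiry comparison is what turns "Expires: December 31" into an automatic revocation rather than a reminder.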

Implementing Access Governance

Define Access Policies

Establish clear policies for data access:

Classification-Based Policies:

Public Data: All employees, no approval required
Internal Data: All employees, automatic access
Confidential Data: Need-to-know, manager approval required
Restricted Data: Specific roles only, data owner approval required

Domain-Based Policies:

Finance Data: Finance team + approved cross-functional access
HR Data: HR team only, strict need-to-know
Customer Data: Sales, Support, Marketing with purpose restrictions

Establish Access Request Processes

Create clear pathways to legitimate access:

  1. Request Submission: User requests access with business justification
  2. Approval Workflow: Appropriate approvers review request
  3. Access Provisioning: Approved access is granted in systems
  4. Access Documentation: Grant is logged for audit purposes
  5. Periodic Review: Access is reviewed for continued need

Implement Technical Controls

Translate policies into technical enforcement:

Database-Level Controls:

  • User permissions on tables and views
  • Row-level security filters
  • Column masking for sensitive data

Application-Level Controls:

  • User interface restrictions
  • API authentication and authorization
  • Feature flags based on permissions

Semantic Layer Controls:

  • Metric-level access restrictions
  • Dimension value filtering
  • Query-time access enforcement

Enable Access Auditing

Track and monitor data access:

Access Logging: Record who accessed what data, when
Query Logging: Capture queries executed against sensitive data
Anomaly Detection: Alert on unusual access patterns
Regular Reporting: Report access patterns to data owners
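The anomaly-detection item becomes concrete once access logs exist. The block below is an added example, not part of the article: it parses constructed access-log lines (the field layout, user names, dataset names and thresholds are all assumptions) and applies three rules against each user's own history: first access to a sensitive dataset, sensitive access outside business hours, and row volume far above the user's median.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Added example: detection rules run over constructed access-log lines.
# Field layout (constructed): timestamp user dataset classification rows_returned
SAMPLE_LOG = """\
2024-03-04T09:15:00 alice customer_db Confidential 120
2024-03-04T10:02:00 alice customer_db Confidential 95
2024-03-05T11:30:00 alice customer_db Confidential 110
2024-03-05T14:12:00 bob sales_db Internal 400
2024-03-06T02:45:00 alice hr_db Restricted 5000
2024-03-06T15:05:00 bob sales_db Internal 380
"""

SENSITIVE = {"Confidential", "Restricted"}
BUSINESS_HOURS = range(8, 19)   # assumed working hours, 08:00-18:59 local time
VOLUME_FACTOR = 10              # alert when rows exceed 10x the user's median


def parse_log(text):
    """Turn the whitespace-separated log lines into event dicts."""
    events = []
    for line in text.splitlines():
        ts, user, dataset, classification, rows = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "dataset": dataset,
            "classification": classification,
            "rows": int(rows),
        })
    return events


def detect_anomalies(events, baseline_end):
    """Events before baseline_end only build each user's history; later events are
    compared against that history and produce (user, dataset, reason) alerts."""
    history = defaultdict(lambda: {"datasets": set(), "rows": []})
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        h = history[e["user"]]
        if e["ts"] >= baseline_end:
            sensitive = e["classification"] in SENSITIVE
            if sensitive and e["dataset"] not in h["datasets"]:
                alerts.append((e["user"], e["dataset"], "first access to a sensitive dataset"))
            if sensitive and e["ts"].hour not in BUSINESS_HOURS:
                alerts.append((e["user"], e["dataset"], "sensitive access outside business hours"))
            if h["rows"] and e["rows"] > VOLUME_FACTOR * median(h["rows"]):
                alerts.append((e["user"], e["dataset"], "row volume far above the user's median"))
        # every event, baseline or not, extends the user's history
        h["datasets"].add(e["dataset"])
        h["rows"].append(e["rows"])
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(parse_log(SAMPLE_LOG), datetime(2024, 3, 6)):
        print(alert)
```

Seeding history from a baseline window, rather than alerting from the first event, is what keeps a new user's ordinary first day from flooding the data owner with "first access" alerts; in a real deployment the baseline would be a rolling window rather than a fixed cut-off date.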

Row and Column Level Security

Column-Level Security

Restrict access to specific fields:

Table: Customers
-----------------
Columns visible to Sales:
  - customer_id, name, company, email, phone

Columns visible to Finance:
  - customer_id, name, company, payment_terms, credit_limit

Columns visible to Support:
  - customer_id, name, company, support_tier, contact_preferences

Use Cases:

  • Hiding PII from users who don't need it
  • Restricting financial data to finance roles
  • Protecting sensitive classifications

Row-Level Security

Restrict access to specific records:

Policy: Territory-based access
User sees only: Customers WHERE territory = User.assigned_territory

Policy: Hierarchy-based access
Manager sees: Employees WHERE org_hierarchy UNDER Manager.org_node

Policy: Multi-tenant isolation
Tenant A sees only: Records WHERE tenant_id = 'A'

Use Cases:

  • Sales territories
  • Organizational hierarchies
  • Multi-tenant applications
  • Geographic restrictions
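Column-level and row-level security as described in the two sections above, enforced at query time against an in-memory SQLite table. This is an added example rather than the article's code: the schema, the three customers and their territories are constructed. The column allow-list per role is fixed in code, so the projected column names never come from user input, and the territory filter is passed as a bound parameter rather than interpolated into the SQL.

```python
import sqlite3

# Added example: column- and row-level security enforced at query time.
# Schema, rows and territories are constructed for this example.

# Column-level security: the columns each role may see (matches the text above)
COLUMN_GRANTS = {
    "Sales": ["customer_id", "name", "company", "email", "phone"],
    "Finance": ["customer_id", "name", "company", "payment_terms", "credit_limit"],
    "Support": ["customer_id", "name", "company", "support_tier", "contact_preferences"],
}


def setup_db():
    """Create a throwaway customers table with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE customers (
            customer_id INTEGER PRIMARY KEY, name TEXT, company TEXT,
            email TEXT, phone TEXT, payment_terms TEXT, credit_limit INTEGER,
            support_tier TEXT, contact_preferences TEXT, territory TEXT)""")
    conn.executemany("INSERT INTO customers VALUES (?,?,?,?,?,?,?,?,?,?)", [
        (1, "Ana Ruiz", "Acme", "ana@acme.example", "555-0101",
         "NET30", 50000, "gold", "email", "west"),
        (2, "Ben Ito", "Globex", "ben@globex.example", "555-0102",
         "NET60", 20000, "silver", "phone", "east"),
        (3, "Cy Lee", "Initech", "cy@initech.example", "555-0103",
         "NET30", 80000, "gold", "email", "west"),
    ])
    return conn


def query_customers(conn, role, assigned_territory):
    """Column-level: project only the role's allow-listed columns.
    Row-level: restrict to the caller's territory via a bound parameter
    (the 'Customers WHERE territory = User.assigned_territory' policy)."""
    columns = COLUMN_GRANTS.get(role)
    if not columns:
        raise PermissionError(f"role {role!r} has no column grant on customers")
    # Column names come from the fixed allow-list above, never from the caller
    sql = (f"SELECT {', '.join(columns)} FROM customers "
           "WHERE territory = ? ORDER BY customer_id")
    rows = conn.execute(sql, (assigned_territory,)).fetchall()
    return [dict(zip(columns, row)) for row in rows]


if __name__ == "__main__":
    db = setup_db()
    print(query_customers(db, "Sales", "west"))    # two rows, no credit_limit
    print(query_customers(db, "Finance", "east"))  # one row, no email or phone
```

The same allow-list and filter can be moved into the database as per-role views or native row-level security policies where the engine supports them; the point that carries over is that the application layer never builds the projection or the predicate from untrusted strings.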

Dynamic Data Masking

Show obfuscated values instead of actual data:

Credit card: **** **** **** 4532 (last 4 only)
SSN: ***-**-6789 (last 4 only)
Salary: [MASKED] (complete hide)
Email: j***@company.com (partial mask)

Use Cases:

  • Development and testing environments
  • Customer service displays
  • Analytics on sensitive data
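The four masking formats shown above, implemented as an added example (not the article's code) with a small role check so that only roles entitled to a field see it unmasked. The field names and the role-to-field entitlements are assumptions constructed for the example.

```python
import re

# Added example: dynamic data masking for the four formats shown in the text.
# Field names and the unmasked-role mapping are constructed assumptions.


def mask_card(pan):
    """Keep the last four digits, star the rest, regroup in blocks of four."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13:
        raise ValueError("not a card number")
    masked = "*" * (len(digits) - 4) + digits[-4:]
    return " ".join(masked[i:i + 4] for i in range(0, len(masked), 4))


def mask_ssn(ssn):
    """Keep the last four digits only: ***-**-6789."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("not an SSN")
    return f"***-**-{digits[-4:]}"


def mask_full(_value):
    """Complete hide: the viewer learns nothing about the value."""
    return "[MASKED]"


def mask_email(email):
    """Partial mask: first character of the local part plus the domain."""
    local, sep, domain = email.partition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    return f"{local[0]}***@{domain}"


MASKERS = {
    "credit_card": mask_card,
    "ssn": mask_ssn,
    "salary": mask_full,
    "email": mask_email,
}

# Roles that see the real value for each field; everyone else gets the masked form
UNMASKED_ROLES = {
    "credit_card": {"payments_admin"},
    "ssn": {"hr_admin"},
    "salary": {"hr_admin", "finance"},
    "email": {"sales", "support"},
}


def mask_record(record, role):
    """Return a copy of the record with every sensitive field masked unless
    the role is entitled to it. Fields without a masker pass through."""
    out = {}
    for field, value in record.items():
        masker = MASKERS.get(field)
        if masker is None or role in UNMASKED_ROLES.get(field, set()):
            out[field] = value
        else:
            out[field] = masker(value)
    return out


if __name__ == "__main__":
    row = {"name": "Jane Doe", "credit_card": "4111 2222 3333 4532",
           "ssn": "123-45-6789", "salary": 120000, "email": "jane@company.com"}
    print(mask_record(row, "support"))   # email visible, everything else masked
    print(mask_record(row, "hr_admin"))  # ssn and salary visible
```

The masking decision is made per field and per role at read time, so the same stored row serves a customer-service display and an analyst without copying it; note that partial masks still leak some information (the card's last four, the email's first letter), which is why fields like salary get the complete hide.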

Access Governance Challenges

Access Creep

Users accumulate access over time:

  • Access granted for projects that ended
  • Role changes without access updates
  • Access inherited through group memberships

Solutions: Periodic access reviews, automatic expiration, role-change triggered reviews

Shadow Access

Access granted outside governance processes:

  • Direct database credentials shared informally
  • Export files circulated via email
  • Data copied to ungoverned locations

Solutions: Technical controls preventing workarounds, monitoring for shadow access, culture of governance

Balancing Security and Usability

Over-restrictive access frustrates legitimate use:

  • Long approval processes for routine access
  • Overly broad restrictions that block valid work
  • Lack of self-service for low-risk access

Solutions: Risk-proportionate controls, streamlined processes for common requests, self-service for pre-approved access patterns

Cross-System Consistency

Access must be consistent across data copies:

  • Warehouse access aligned with source system access
  • BI tool access aligned with warehouse access
  • API access aligned with application access

Solutions: Centralized access management, access propagation through data lineage, unified identity management

Access Governance and Analytics

Self-Service Analytics Implications

Self-service requires careful access governance:

  • Users can explore data without IT mediation
  • Access controls must be embedded in self-service tools
  • Semantic layer can enforce consistent access across tools

Metric-Level Access

Access governance extends to business metrics:

  • Some metrics contain sensitive data (individual compensation, performance)
  • Access to metrics should respect underlying data sensitivity
  • Certified metrics need access controls as part of governance

Query Governance

Not just what data, but what queries:

  • Prevent queries that expose individual records from aggregations
  • Limit data export and download capabilities
  • Monitor for queries that circumvent access intent
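The first bullet, preventing aggregations from exposing individual records, is usually enforced with a minimum group size: any aggregate cell built from fewer than a threshold of records is suppressed, and the overall total is withheld whenever a cell was suppressed so it cannot be recovered by subtraction. The block below is an added example, not the article's code; the salary rows, department names and the threshold of 5 are constructed.

```python
from collections import defaultdict

# Added example: small-group suppression for aggregate queries over sensitive data.
# Rows, department names and the threshold are constructed for this example.

MIN_GROUP_SIZE = 5  # assumed policy threshold

# Constructed sample rows: per-employee salary (in thousands) by department
ROWS = (
    [{"department": "eng", "salary": s} for s in (100, 110, 120, 130, 140, 150)]
    + [{"department": "sales", "salary": s} for s in (80, 90, 100, 110, 120)]
    + [{"department": "exec", "salary": s} for s in (300, 400)]
)


def aggregate_with_suppression(rows, group_key, value_key, min_group=MIN_GROUP_SIZE):
    """Return count and average per group, suppressing groups smaller than
    min_group. The grand total is only returned when nothing was suppressed,
    because total minus the visible cells would reveal the suppressed group."""
    groups = defaultdict(list)
    for row in rows:
        groups[row[group_key]].append(row[value_key])

    cells = {}
    suppressed = []
    for key, values in groups.items():
        if len(values) < min_group:
            cells[key] = None
            suppressed.append(key)
        else:
            cells[key] = {"count": len(values), "avg": sum(values) / len(values)}

    total = None
    if not suppressed:
        values = [row[value_key] for row in rows]
        total = {"count": len(values), "avg": sum(values) / len(values)}

    return {"cells": cells, "total": total, "suppressed": suppressed}


if __name__ == "__main__":
    result = aggregate_with_suppression(ROWS, "department", "salary")
    for dept, cell in result["cells"].items():
        print(dept, cell if cell else "suppressed")
    print("total:", result["total"])  # None, because exec was suppressed
```

Suppression of single results is necessary but not sufficient: two differently grouped queries over the same rows can still be differenced, which is why the third bullet (monitoring for queries that circumvent access intent) belongs alongside this check rather than being replaced by it.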

Data access governance is where security meets data utility. Well-designed governance enables broad data access for legitimate purposes while protecting sensitive information - creating the foundation for both democratization and compliance.

Questions

Authentication verifies identity - confirming who the user is. Authorization determines access rights - what the authenticated user is allowed to do. Both are required for data access control: first verify identity, then check if that identity has permission for the requested access.
