# Attribute Management

### Overview

Attribute Management refers to the process of defining, organizing, and maintaining **user attributes** that are used to make **attribute-based access control (ABAC)** decisions.

It is a core capability enabling **Attribute-Based Access Control (ABAC)** policies to be created and enforced in a **domain-driven data governance** model.&#x20;

It defines how **user attributes** are structured, governed, and scoped for **policy authoring** and **policy deployment** across registered data sources like **Snowflake**.

&#x20;It can be used in following types of ABAC policies.

1. Masking policy
2. Row Filter policy

### Feature Capabilities

Attributes in the ABAC system can be broadly classified as:

* **Common User Attributes:**
  * Global attributes applicable across all domain products. &#x20;
    * generally known as **ALL** under data products.
  * Example: `user.role`, `user.region`
* **Domain Product-Specific User Attributes:**
  * Custom attributes tied to a specific **domain data product**.
  * Example: For `Finance` domain: `user.gl_access_scope`, for `Sales` domain: `user.territory_id`
  * The admin can specify a **Unique Identifier** for each data product to store and reference user attribute values. This ensures that attribute values are mapped accurately within the context of the data product and enables precise policy evaluation during ABAC enforcement

These attributes are pre-defined centrally.

* **Attribute Based Access Policies:**
  * ABAC policies are created based on assigned data products.&#x20;
  * During policy creation, all applicable **User Attributes**—either **Common** or specific to the assigned **Data Product**—are automatically populated and made available for use in defining access rules.&#x20;
  * These attributes are used to enforce fine-grained access control over the underlying data assets.

### Step-by-Step Guide

**A. Create Domain Product User Attribute**

1. Go to the TrustLogix Dashboard.
2. Navigate to **Attribute Management** from Menu.
3. Under the **Attributes** section click on **Add Attribute**
4. Select the registered **Snowflake** data source name.
5. Choose the specific **Data Product** (e.g. Accounting\_Finance) associated with this user attribute from Data Product dropdown.
   1. Select **ALL** option for using it as **Common** user attribute.
6. Enter the attribute **Display Name, Description**.
7. Choose the attribute **DataType**.
8. Choose the attribute **Group** (Optional).
9. Click **Save**.
10. Once Attribute is Saved, Click **Provision** to push attribute to Snowflake data source.

### Best Practices

* Ensure that each attribute is clearly **scoped to a domain and specific data product**.
* Prevent attributes from being reused across domains unless explicitly marked as  **ALL (common/shared)**.
* This supports **least privilege access** and ensures **policy isolation**.