> For the complete documentation index, see [llms.txt](https://docs.trustlogix.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.trustlogix.io/data-domains/attribute-management.md). # Attribute Management ### Overview Attribute Management refers to the process of defining, organizing, and maintaining **user attributes** that are used to make **attribute-based access control (ABAC)** decisions. It is a core capability enabling **Attribute-Based Access Control (ABAC)** policies to be created and enforced in a **domain-driven data governance** model. It defines how **user attributes** are structured, governed, and scoped for **policy authoring** and **policy deployment** across registered data sources like **Snowflake**. It can be used in following types of ABAC policies. 1. Masking policy 2. Row Filter policy ### Feature Capabilities Attributes in the ABAC system can be broadly classified as: * **Common User Attributes:** * Global attributes applicable across all domain products. * generally known as **ALL** under data products. * Example: `user.role`, `user.region` * **Domain Product-Specific User Attributes:** * Custom attributes tied to a specific **domain data product**. * Example: For `Finance` domain: `user.gl_access_scope`, for `Sales` domain: `user.territory_id` * The admin can specify a **Unique Identifier** for each data product to store and reference user attribute values. This ensures that attribute values are mapped accurately within the context of the data product and enables precise policy evaluation during ABAC enforcement These attributes are pre-defined centrally. * **Attribute Based Access Policies:** * ABAC policies are created based on assigned data products. * During policy creation, all applicable **User Attributes**—either **Common** or specific to the assigned **Data Product**—are automatically populated and made available for use in defining access rules. * These attributes are used to enforce fine-grained access control over the underlying data assets. ### Step-by-Step Guide **A. Create Domain Product User Attribute** 1. Go to the TrustLogix Dashboard. 2. Navigate to **Attribute Management** from Menu. 3. Under the **Attributes** section click on **Add Attribute** 4. Select the registered **Snowflake** data source name. 5. Choose the specific **Data Product** (e.g. Accounting\_Finance) associated with this user attribute from Data Product dropdown. * Select **ALL** option for using it as **Common** user attribute. 6. Enter the attribute **Display Name, Description**. 7. Choose the attribute **DataType**. 8. Choose the attribute **Group** (Optional). 9. Click **Save**. 10. Once Attribute is Saved, Click **Provision** to push attribute to Snowflake data source. ### Best Practices * Ensure that each attribute is clearly **scoped to a domain and specific data product**. * Prevent attributes from being reused across domains unless explicitly marked as **ALL (common/shared)**. * This supports **least privilege access** and ensures **policy isolation**. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.trustlogix.io/data-domains/attribute-management.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.