search

Attribute Management

hashtag
Overview

Attribute Management refers to the process of defining, organizing, and maintaining user attributes that are used to make attribute-based access control (ABAC) decisions.

It is a core capability enabling Attribute-Based Access Control (ABAC) policies to be created and enforced in a domain-driven data governance model.

It defines how user attributes are structured, governed, and scoped for policy authoring and policy deployment across registered data sources like Snowflake.

It can be used in following types of ABAC policies.

  1. Masking policy

  2. Row Filter policy

hashtag
Feature Capabilities

Attributes in the ABAC system can be broadly classified as:

  • Common User Attributes:

    • Global attributes applicable across all domain products.

      • generally known as ALL under data products.

    • Example: user.role, user.region

  • Domain Product-Specific User Attributes:

    • Custom attributes tied to a specific domain data product.

    • Example: For Finance domain: user.gl_access_scope, for Sales domain: user.territory_id

    • The admin can specify a Unique Identifier for each data product to store and reference user attribute values. This ensures that attribute values are mapped accurately within the context of the data product and enables precise policy evaluation during ABAC enforcement

These attributes are pre-defined centrally.

  • Attribute Based Access Policies:

    • ABAC policies are created based on assigned data products.

    • During policy creation, all applicable User Attributes—either Common or specific to the assigned Data Product—are automatically populated and made available for use in defining access rules.

    • These attributes are used to enforce fine-grained access control over the underlying data assets.

hashtag
Step-by-Step Guide

A. Create Domain Product User Attribute

  1. Go to the TrustLogix Dashboard.

  2. Navigate to Attribute Management from Menu.

  3. Under the Attributes section click on Add Attribute

  4. Select the registered Snowflake data source name.

  5. Choose the specific Data Product (e.g. Accounting_Finance) associated with this user attribute from Data Product dropdown.

    1. Select ALL option for using it as Common user attribute.

  6. Enter the attribute Display Name, Description.

  7. Choose the attribute DataType.

  8. Choose the attribute Group (Optional).

  9. Click Save.

  10. Once Attribute is Saved, Click Provision to push attribute to Snowflake data source.

hashtag
Best Practices

  • Ensure that each attribute is clearly scoped to a domain and specific data product.

  • Prevent attributes from being reused across domains unless explicitly marked as ALL (common/shared).

  • This supports least privilege access and ensures policy isolation.

PreviousData ProductsNextTemplate Policies

Last updated

Was this helpful?