Attribute Based Access Policies

Attribute-Based Access Control (ABAC) Policies in TrustLogix

Overview

Attribute-Based Access Control (ABAC) in TrustLogix enables fine-grained data access control based on entitlement attributes. These policies are primarily used for:

• Row Access Policies – Restricting access to rows in a table based on attribute values.

• Masking Policies – Masking specific columns based on attribute conditions.

TrustLogix allows defining ABAC policies using two approaches:

1. Named Object Policies – Applied to explicitly selected objects (tables, views, and columns).

2. Tagged Object Policies – Applied to objects (tables, views, columns) that have been tagged.

ABAC policies can be configured through a no-code condition builder or using the SQL Policy Builder for complex conditions.

Types of ABAC Policies

1. Row Access Policy

Row Access Policies restrict user access to specific rows within a table based on entitlement attributes.

Subcategories of Row Access Policies:

• Named Object Row Access Policy: Applied to specific objects (tables and columns) by their names.

• Tagged Object Row Access Policy: Applied to objects that have been tagged.

2. Masking Policy

Masking Policies control the visibility of data in columns based on entitlement attributes.

Subcategories of Masking Policies:

• Named Object Masking Policy: Applied to specific columns using their names.

• Tagged Object Masking Policy: Applied to tagged columns.

Policy Components

Entitlement Attributes

ABAC policies use entitlement attributes to control access. These attributes define user permissions dynamically and can be matched with:

• Columns in a table

• Tagged columns

• Constant values

Object Selection

Policies can be applied to:

• Specific objects (Named Object Policy)

• Tagged objects (Tagged Object Policy)

Policy Condition Builder

TrustLogix provides a Condition Builder Interface to define policy conditions without SQL.

Features of the Condition Builder:

• Define rules using Attributes, Operators, and Values

• Supports AND/OR logical operations

• Matches conditions using:

  • Column Tagged As (for tagged objects)

  • Constant Value (for fixed values)

• Does not support complex joins or UDFs

SQL Builder Behavior in TrustLogix ABAC Policies

The SQL Policy Builder in TrustLogix provides an advanced way to define Attribute-Based Access Control (ABAC) policies using SQL expressions. It is primarily used when the Condition Builder Interface is insufficient for complex conditions, such as:

• Joins across multiple tables

• User-Defined Functions (UDFs)

• Nested conditions with intricate logic

• Hierarchical access control evaluations