Row Access Policies
Row Access Policies in TrustLogix enable organizations to enforce fine-grained access control by restricting data access at the row level based on user attributes, roles, or predefined conditions. This document details how to create a row access policy and includes all available options in dropdown menus.
The Condition Builder simplifies policy creation for non-technical users, while the SQL Builder offers advanced customization for precise control over data masking rules.
Steps to Create a Row Access Policy
Navigate to the Row Access Policy Configuration
Log in to TrustLogix.
Click on Data Sources.
Select the relevant Data Source (e.g., Healthcare Services).
Click on Access Policies.
Click Create Policy.
Define Row Access Policy Details
Enter the Policy Name (e.g., Grant_Patient_info_By_Assigned_State).
Provide a Policy Description (e.g., Grant all patient data to user based on assigned state).
Click Next.
Select Data Scope
Choose Named As or Classified As.
Click Tags and enter classification keywords (e.g., SENSITIVE, CONFIDENTIAL).
Select the Schema/Table to apply the policy (e.g., HEALTH_CARE.PATIENT_SCHEMA.PATIENT).
Click Close after selecting the objects.
Define Access Conditions
Click Use SQL Editor or Use Condition Builder.
Click Add Condition.
The Attribute drop-down lists all available principal type options along with entitlement attributes.
Choose one of the options based on the condition you want to build.
Select the appropriate operator (Equals, Not Equals, Contains, Starts With).
Based on the attribute chosen, the Match with drop-down shows the available options.
Choose an option from the Match with drop-down. The Value field offers additional options based on the selected Match with option.
Select or enter the value.
Click Add Condition or Add Nested Condition to add multiple criteria.
Click Save.
A modal window pops up to show policy generation progress. If there are no errors, the policy is created and ready to be deployed.
If required, review and update conditions before deployment.
If there are any validation errors due to a duplicate policy or a column condition mismatch, correct them so that the policy is created and ready to be deployed.
Click the Deploy button in the modal to deploy the policy.
Click Use Condition Builder or Use SQL Editor.
Save and Deploy the Policy
Click Save to store the policy.
Click Deploy to enforce the policy across the selected data sources.
Condition Builder Options:
User-friendly interface for defining access conditions without requiring SQL knowledge.
Attribute Selection:
Role Name
User Group
Department
Geographical Region
Country
The Attributes drop-down lists all the attributes created under the Attribute Management screen for this data source.
Operators:
Equals
Not Equals
Contains
Starts With
Ends With
In List
Not In List
Logical Operators:
AND
OR
Nested Conditions
Value Assignment:
Static values (e.g., USA, EU, APAC).
Dynamic values based on user attributes.
Advantages:
User-friendly interface for defining access conditions without requiring SQL knowledge.
Allows nested conditions for complex policies.
Provides drag-and-drop options to select attributes, operators, and values.
Best suited for non-technical users who prefer a guided configuration.
Supports logical operators like AND, OR, and grouping conditions.
SQL Editor Options:
Advanced tool for writing custom conditions in SQL syntax.
Allows for:
Fine-grained control over policy conditions.
Using JOINs, subqueries, and complex expressions.
Applying row-level security based on dynamic queries.
Example Query:
Advantages:
Advanced tool for writing custom conditions in SQL syntax.
Allows fine-grained control over policy conditions.
Supports JOINs, subqueries, and complex expressions.
Best suited for technical users familiar with SQL.
Provides query validation to ensure correctness before applying conditions.
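The following is an added example, not part of the TrustLogix documentation and not SQL generated by TrustLogix. It shows the kind of subquery-based row filter the SQL Editor section describes, run with Python's sqlite3 module over constructed data. The state column, the user_state_entitlement table and the user names are assumptions; only the PATIENT table name comes from the example earlier on this page.

```python
import sqlite3

# Row filter in the style of a SQL-editor condition: a patient row is visible
# only if the querying user holds an entitlement for that row's state.
# The state column and user_state_entitlement table are hypothetical.
ROW_FILTER = """
    EXISTS (SELECT 1 FROM user_state_entitlement e
            WHERE e.user_name = :user_name
              AND e.assigned_state = patient.state)
"""


def build_db():
    """Create an in-memory database with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE patient (patient_id INTEGER, name TEXT, state TEXT);
        CREATE TABLE user_state_entitlement (user_name TEXT, assigned_state TEXT);
        INSERT INTO patient VALUES
            (1, 'A. Rivera', 'CA'), (2, 'B. Chen', 'TX'),
            (3, 'C. Okafor', 'CA'), (4, 'D. Novak', NULL);
        INSERT INTO user_state_entitlement VALUES
            ('alice', 'CA'), ('bob', 'TX'), ('bob', 'CA');
    """)
    return db


def visible_patient_ids(db, user_name):
    """Return the patient IDs the user can read once the filter is applied.

    ROW_FILTER is a fixed policy string; the user name is bound as a
    parameter and never concatenated into the SQL text.
    """
    sql = f"SELECT patient_id FROM patient WHERE {ROW_FILTER} ORDER BY patient_id"
    return [row[0] for row in db.execute(sql, {"user_name": user_name})]


if __name__ == "__main__":
    db = build_db()
    # alice: one state; bob: two states; mallory: no entitlement at all.
    for user in ("alice", "bob", "mallory"):
        print(user, visible_patient_ids(db, user))
```

A user with no entitlement row sees nothing, and a patient row whose state is NULL matches no entitlement, so both cases fail closed. These are the two cases worth checking against a real policy before deploying it.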

