Database and Schema level Policies

TrustLogix Database, Schema, and Table Access Policies provide a structured and efficient approach to controlling access to data objects within an organization’s data ecosystem. These policies enable administrators to define access grants at different levels, such as schemas, tables, and views, ensuring granular security enforcement across multiple data sources.

Types of Object-Level Access Policies

1. Database - Multi Schema Policies

This policy type allows administrators to apply access controls across multiple schemas within a database. Instead of manually defining policies per schema, this approach enables centralized access management, ensuring uniform security configurations.

Use Case: Grant "analyst" roles read access to specific schemas in a financial database without setting individual policies for each schema.

Creation of Database - Multi Schema Policies

Log in as Super User or Policy Administrator

Click Data Sources in the main menu. The user will see all the allowed data sources in the data sources list view

Select the data source for which the user wants to create access policies (a user can create access policies on a data source to which he/she has access)

If Access Policies is not the default tab, click the Access Policies tab.

Click the Create Access Policy button in the access policy list view

Select the Object Access card from the create policy modal

Enter Policy Name and Policy Description

Select Database - Multi Schema as the Policy type from the drop-down

Select the Database name from the Database drop-down

Select the Schema names from the Schema drop-down

Select the object privileges from the drop-down

Object privileges (Select, Insert, Update, Delete, Truncate) are supported, and only Table and View objects are supported via this policy

Choose the Future grants option if the selected grants need to be automatically assigned to the principal for any new objects created under this database or schema

The Future grants option is available only for Snowflake data sources

Select the Next button after selecting objects.

Select the Principal value from the drop-down

The Principal value is:

  Role for Snowflake

  Account User or Account Group for Databricks

Select the Save button to generate the grants for the selected objects and principal

Once the selected values are validated, the grants will be generated

If the values provided are not valid, the policy creation process will result in an error due to validation failures. Validation can fail for the following reasons:

  1. Duplicate Policy Creation: A policy already exists for the selected object and principal combination.

  2. Catalog Access: Policy creation will fail if the catalog data is not accessible by the control plane role.

On successful validation, the policy is created and ready for deployment

Click the Deploy button. On successful deployment, the policy status will move to Deployed.
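
A Snowflake-side check for the policy type above, as an added example that is not TrustLogix's own code or the SQL it generates: after deployment, confirm that the principal holds only the selected privilege on only the selected schemas, and that the future grants exist. The database FINANCE_DB, the schemas REPORTING and LEDGER, and the role ANALYST are constructed names, and the policy is assumed to grant Select with Future grants enabled.

```sql
-- Constructed names (assumptions, not from the product documentation):
--   database FINANCE_DB, schemas REPORTING and LEDGER, role ANALYST.
-- Assumed policy: Database - Multi Schema, privilege Select, Future grants on.

-- 1. List every privilege the role currently holds.
SHOW GRANTS TO ROLE ANALYST;

-- 2. From that result, flag table/view grants in FINANCE_DB that fall outside
--    the policy's intent: any privilege other than SELECT, or any grant on an
--    object in a schema that was not selected in the policy.
--    SPLIT_PART assumes identifiers without embedded dots.
SELECT "privilege", "granted_on", "name"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "granted_on" IN ('TABLE', 'VIEW')
  AND SPLIT_PART("name", '.', 1) = 'FINANCE_DB'
  AND (
        "privilege" <> 'SELECT'
     OR SPLIT_PART("name", '.', 2) NOT IN ('REPORTING', 'LEDGER')
      );
-- An empty result means the role has no write privileges and no access to
-- unselected schemas in this database. Any row is a grant to investigate:
-- it may come from another policy or from a grant made outside the tool.

-- 3. Confirm the future grants, so that objects created later are covered.
--    Check both levels, since future grants can be defined on a schema
--    or on the whole database.
SHOW FUTURE GRANTS IN SCHEMA FINANCE_DB.REPORTING;
SHOW FUTURE GRANTS IN SCHEMA FINANCE_DB.LEDGER;
SHOW FUTURE GRANTS IN DATABASE FINANCE_DB;
```

Run step 2 immediately after step 1 in the same session, because RESULT_SCAN(LAST_QUERY_ID()) reads the output of the most recent statement.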

2. Schema - Multi Object Policies

Schema-level policies offer the most granular control by allowing administrators to apply access controls to specific tables and views within a schema. This ensures that only authorized users can interact with designated objects, maintaining fine-tuned security.

Use Case: Allow data engineers to modify specific tables within a schema while restricting access to sensitive views.

Creation of Schema - Multi Objects Policies

Log in as Super User or Policy Administrator

Click Data Sources in the main menu. The user will see all the allowed data sources in the data sources list view

Select the data source for which the user wants to create access policies (a user can create access policies on a data source to which he/she has access)

If Access Policies is not the default tab, click the Access Policies tab.

Click the Create Access Policy button in the access policy list view

Select the Object Access card from the create policy modal

Enter Policy Name and Policy Description

Select Schema - Multi Objects as the Policy type from the drop-down

Select the Database name from the Database drop-down

Select the Schema names from the Schema drop-down

Select the object names from the object names drop-down

Select the object privileges from the drop-down

Object privileges (Select, Insert, Update, Delete, Truncate) are supported, and only Table and View objects are supported via this policy

Select the Next button after selecting objects.

Select the Principal value from the drop-down

The Principal value is:

  Role for Snowflake

  Account User or Account Group for Databricks

Select the Save button to generate the grants for the selected objects and principal

Once the selected values are validated, the grants will be generated

If the values provided are not valid, the policy creation process will result in an error due to validation failures. Validation can fail for the following reasons:

  1. Duplicate Policy Creation: A policy already exists for the selected object and principal combination.

  2. Catalog Access: Policy creation will fail if the catalog data is not accessible by the control plane role.

On successful validation, the policy is created and ready for deployment

Click the Deploy button. On successful deployment, the policy status will move to Deployed.

Benefits of Object-Level Access Policies

Granular Control – Apply policies at the most appropriate level (database, schema, table, or view).
