Tag Based Policies

TrustLogix Tag-Based Access Policies provide a flexible and scalable approach to managing access control across data assets. By leveraging metadata tagging, organizations can define and enforce security policies dynamically, ensuring that access controls remain consistent across databases, schemas, and tables.

Tag-based policies simplify access management by automatically applying access grants based on object tags, streamlining governance and reducing administrative overhead.

Creation of Tag Based Policies

Log in as Super User or Policy Administrator.

Click Data Sources in the main menu. The data sources list view shows all the data sources you are allowed to see.

Select the data source for which you want to create access policies. (You can create access policies on data sources to which you have access.)

If Access Policies is not the default tab, click the Access Policies tab.

Click the Create Access Policy button in the access policy list view.

Select the Object Access card from the create policy modal.

Enter the Policy Name and Policy Description.

Select Tag as the Policy type from the drop-down.

Select the tag names from the Tags drop-down.

Select the object privileges from the drop-down.

The object privileges Select, Insert, Update, Delete, and Truncate are supported, and only Table and View objects are supported via a Tag policy.

Choose the Future grants option if the selected grants need to be automatically assigned to the principal for any new objects created under this database or schema.

The Future grants option is available only for Snowflake data sources.

Click the Next button after selecting objects.

Select the Principal value from the drop-down.

The Principal value is:

Role for Snowflake

Account User or Account Group for Databricks

Click the Save button to generate the grants for the selected objects and principal.

Once the selected values are validated, the grants are generated.

If the values provided are not valid, the policy creation process will result in an error due to validation failures. Validation can fail for the following reasons:

  1. Duplicate Policy Creation: A policy already exists for the selected object and principal combination.

  2. Catalog Access: Policy creation fails if the catalog data is not accessible by the control plane role.

On successful validation, the policy is created and ready for deployment.

Click the Deploy button. On successful deployment, the policy status changes to Deployed.

Policy deployment succeeds only if all grants are properly assigned to the TrustLogix user and no duplicate policy exists. Otherwise, the policy will fail, and any missing grants or configurations must be reported.
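To check on the Snowflake side that a deployed tag policy produced the expected grants, the query below lists every tagged table or view on which the role still lacks one of the policy's privileges. It is an added example, not TrustLogix code; the tag name `PII`, the role `ANALYST_ROLE`, and the privilege list are placeholder assumptions, and it assumes the policy results in direct grants on each tagged object.

```sql
-- Added audit example for a Snowflake data source.
-- Placeholders (assumptions): tag 'PII', role 'ANALYST_ROLE', privilege list.
WITH policy_privileges AS (          -- privileges selected in the tag policy
    SELECT column1 AS privilege
    FROM VALUES ('SELECT'), ('INSERT')
),
tagged_objects AS (                  -- live tables/views that carry the tag
    SELECT DISTINCT object_database, object_schema, object_name
    FROM snowflake.account_usage.tag_references
    WHERE tag_name = 'PII'
      AND domain IN ('TABLE', 'VIEW')   -- excludes column-level tags
      AND object_deleted IS NULL
),
role_grants AS (                     -- grants the role currently holds
    SELECT table_catalog, table_schema, name, privilege
    FROM snowflake.account_usage.grants_to_roles
    WHERE grantee_name = 'ANALYST_ROLE'
      AND granted_to = 'ROLE'
      AND granted_on IN ('TABLE', 'VIEW')
      AND deleted_on IS NULL            -- ignore revoked grants
)
-- One row per (tagged object, expected privilege) with no matching grant.
-- An empty result means the role holds every expected privilege.
SELECT t.object_database,
       t.object_schema,
       t.object_name,
       p.privilege AS missing_privilege
FROM tagged_objects t
CROSS JOIN policy_privileges p
LEFT JOIN role_grants g
       ON g.table_catalog = t.object_database
      AND g.table_schema  = t.object_schema
      AND g.name          = t.object_name
      AND g.privilege     = p.privilege
WHERE g.privilege IS NULL
ORDER BY 1, 2, 3, 4;
```

The `ACCOUNT_USAGE` views lag behind live state, so run the check some time after deployment. `TAG_REFERENCES` records only tags set directly on an object, so objects that inherit the tag from their schema or database will not appear.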

Benefits of tag-based policies:

Automated Policy Enforcement – Ensures security rules are applied dynamically based on object tags.

Scalability – Easily manage access for large-scale data environments without manual intervention.

Consistency – Enforces standardized access policies across all tagged objects, minimizing misconfigurations.

Simplified Governance – Enhances visibility into access controls and reduces administrative effort.
