Webinar: Join Immuta, HP, & NightDragon to learn why managing access is critical for the future of data use.

Sign Up

Attribute-Based Access Control

Immuta’s ABAC helps reduce policy burden by decoupling the user from data access control policies.

What is ABAC?

Attribute-based access control (ABAC) is a dynamic and multidimensional approach to data security that allows access to authorized database users and restricts access for unauthorized internal and external individuals.

How Immuta delivers ABAC

Build Policies in Plain Language

Immuta’s explainable policy builder lets users author policies in plain language, so all security and governance stakeholders can understand how access control is managed and protected. Data engineers can also build policies as code to make them extensible to other tools in the data stack. This approach improves collaboration and fits seamlessly into modern DataOps workflows.

Flexibility to Support Attributes, Roles, and Purposes

Many data teams suffer from “role explosion” due to static, role-based policies, requiring them to manually manage hundreds or thousands of user roles to control access to data in specific tables or databases. Immuta solves this problem with attribute-based access control. Unlike open source solutions such as Apache Ranger, this approach uses dynamic user subject attributes, such as geography, time and date, clearance level, and purpose, represented as policy variables, to make context-aware decisions at query time. This means that a single Immuta ABAC policy can replace over 100 roles, saving time and reducing security risks.

Easily Integrate with Third Party Systems

Immuta easily integrates with third party systems like data catalogs, IAMs like Okta, and business applications like HR systems, and allows data teams to write policies against those systems. Furthermore, Immuta easily integrates into developer pipelines with its policy-as-code interface.


Limit Data Use to Specific Purposes

New and expanding government regulations such as CCPA and the GDPR prevent analytics teams from legally using sensitive data without clear and intended purposes. Immuta provides easy-to-use consent workflows for data teams to audit usage purposes and create attribute-based controls that enforce who can use what data and why. With streamlined workflows for consent, it’s easier to comply with legal guidelines and prove that compliance when necessary.

Improved Security and Management

With Immuta’s ABAC, key attributes are determined at request time to determine validity of access request. Contextual and purpose based controls can also be applied for enhanced security. If an employee changes roles or leaves the company, the risk of data leaks are eliminated as roles do not need to be manually managed for each user.

Secure Data Collaboration

Immuta features a patented, policy-based approach to enabling secure data collaboration using data-level zones that manage read/write access across users with different permissions. By using data-level zones, Immuta automatically equalizes access rights for all users, making it easy and safe to publish derived data sets without leaking data to users with different permissions.


Frequently Asked Questions

What is attribute-based access control and why is it important?

Attribute-based access control manages access to a company’s data by allowing access to authorized database users based on various dynamic attributes, including title, geography, and data type. This delivers a range of business benefits, including increased efficiency of data analytics, data governance, data-rich application development, and compliance, as well as quicker results and greater value derived from sensitive data.

Learn more
What is fine-grained access control?

Fine-grained access control is a method of managing data access that uses specific and different policies to restrict access at the row-, column-, and cell-level, ensuring that sensitive information is thoroughly protected. With fine-grained access control, each data point has a unique access control policy, making protection measures more precise and allowing data with varying regulatory requirements to be securely stored and used together.

What’s the difference between RBAC and ABAC?
  • RBAC permits or restricts data access based on the privileges associated with a user’s role within an organization. Privileges can only be changed or added if a new role is created.
  • ABAC is more dynamic. It permits or restricts data access based on a variety of independently provisioned and environmental characteristics, such as assigned user, action, and environmental attributes.
Learn more
What are attribute-based access control implementation best practices?

Attribute-based access control (ABAC) is a dynamic and multidimensional approach to data security. When implementing ABAC, it is best to ensure you have a tool that enables simple, scalable policy creation in order to avoid unnecessary manual work or role-explosion. The ABAC model should also be flexible, with the ability to adapt to the ever-changing world of compliance and governance. Automation, universal cloud compatibility, and customized permissions can work in tandem to provide users with safe and effective access to their data. Immuta’s attribute-based access control model provides these features and more.

Have 29 minutes?

Let us show you how Immuta can transform the way you govern and share your sensitive data.