Role & Authorization Design
As of 2026-05-29
Authorization design = least privilege by default, role-based by design, data-scoped where it matters — applied consistently across Datasphere + SAC. Two layers: object authorization (can you open it?) and data authorization (which rows can you see?). Datasphere does row-level via Data Access Controls (DACs) on the model; SAC enforces object roles + consumes the model's DACs. The classic breach: open access ≠ all-data access (regional manager sees every region because no DAC). Role-based not user-based; least privilege + segregation of duties. Data scoping is a legal requirement in utilities (unbundling, M099), pharma (M100), banking (M097), GDPR (M082) — a missing DAC there is a breach. Design a reviewable role→object→data matrix with re-certification for the audit.
Full module available to members.