luvv to helpDiscover the Best Free Online Tools
Topic 5 of 8

Access And Privacy Policies Basics

Learn Access And Privacy Policies Basics for free with explanations, exercises, and a quick test (for BI Developer).

Published: December 24, 2025 | Updated: December 24, 2025

Table of Contents

Why this matters

As a BI Developer, you translate data into dashboards and models people use to make decisions. Access and privacy policies keep sensitive data safe while still letting the right people do their work.

  • Real tasks you will face:
    • Configure row-level and column-level security for dashboards and semantic models.
    • Mask sensitive fields (emails, phone numbers) by default; unmask only for approved roles.
    • Classify datasets (public, internal, confidential, restricted) and map controls to each class.
    • Set up audit logging to track who viewed or exported data.
    • Implement retention and deletion rules for datasets and extracts.

Concept explained simply

Access policy answers: Who can do what with which data, under which conditions. Privacy policy answers: Why we have the data, what we are allowed to do with it, and how we minimize exposure.

Mental model

Think of your data platform as a building:

  • Doors and keys: authentication and role-based access (who gets in).
  • Rooms: datasets, tables, and dashboards.
  • Room labels: data classifications (public, internal, confidential, restricted).
  • Blinds on windows: masking and aggregation to hide detail.
  • CCTV: audit logs proving who went where and when.
  • Cleaning schedule: retention and deletion to remove stale data.

Key principles

  • Least privilege: Grant the minimum access needed to perform a task.
  • Need-to-know: Access is tied to a legitimate business purpose.
  • Data classification: Tag data by sensitivity and align controls accordingly.
  • Purpose limitation and consent: Use personal data only for approved purposes and only when consent or legal basis exists.
  • Retention and deletion: Keep data only as long as necessary; delete or anonymize afterward.
  • Auditability: Log access, changes, and data exports.
  • Separation of duties: Builders, approvers, and reviewers are not the same person when stakes are high.
Common control types (open to skim)
  • RBAC (role-based access control): Roles map to datasets and actions.
  • ABAC (attribute-based): Conditions like region = user's region.
  • Row-level security (RLS): Filters rows per user or group.
  • Column-level security (CLS) and masking: Hide or hash sensitive columns.
  • Encryption: In transit (TLS) and at rest (storage-level).
  • Data minimization: Select or aggregate only what is needed.
  • Data loss prevention (DLP): Prevent sensitive data usage in risky contexts.

Worked examples

Example 1 — Regional sales dashboard with RLS

Scenario: Sales managers should see only their region; executives see all regions.

  1. Create roles: exec_all_regions, mgr_region.
  2. Define a user-to-region mapping table (user_email, region).
  3. RLS rule: sales.region IN (SELECT region FROM mapping WHERE mapping.user_email = current_user).
  4. Assign exec_all_regions without RLS filter; assign mgr_region with the filter.
  5. Test using impersonation mode for various users; confirm totals change appropriately.
Example 2 — Masking emails for analysts

Scenario: Analysts can analyze behavior but must not see full emails.

  1. Classify customer.email as PII (restricted).
  2. Create a computed column email_masked that reveals only the domain and first 2 characters: ex******@domain.com.
  3. Grant analysts access to email_masked only; deny direct access to email column.
  4. For support role, permit unmasked view with documented justification and approval.
Example 3 — Access request workflow

Scenario: A marketing analyst requests access to export detailed customer data.

  1. Check purpose: campaign performance analysis (approved?), and retention requirements.
  2. Map to role: marketing_analyst_view_agg (aggregate-only) is default fit.
  3. Decision: deny detailed PII export; approve aggregated metrics with k-anonymity rule (e.g., minimum 10 customers per group).
  4. Document: ticket includes purpose, controls, expiry date, and reviewer.

Hands-on exercises

These mirror the interactive exercises below. Try them here first.

Exercise 1 — Build an access control matrix

Create a simple matrix for three roles and three datasets with actions (view, explore, export).

  1. Define roles: executive, sales_manager, data_analyst.
  2. Define datasets: regional_sales, customer_pii, finance_summary.
  3. Apply least privilege and privacy principles to fill which actions each role gets.
  4. Add expiry for temporary exports where needed.
  • You restricted customer_pii to only those with a documented need.
  • You limited export to the smallest necessary audience.
  • You added review/expiry notes for elevated access.
See a sample solution
{"executive": {"regional_sales": ["view","export"], "customer_pii": [], "finance_summary": ["view","export"]},
"sales_manager": {"regional_sales": ["view","explore"], "customer_pii": [], "finance_summary": ["view"]},
"data_analyst": {"regional_sales": ["view","explore"], "customer_pii": ["view_masked"], "finance_summary": ["view","explore"]}}
Notes: data_analyst gets only masked PII; exports restricted to executive; reviews every 90 days.

Exercise 2 — Write a masking rule

Design a transformation that exposes masked emails to most users and full emails only to support role.

  1. Create a derived column email_masked showing first 2 letters + ">***" + domain.
  2. Define policy: if user has attribute can_view_pii = true then email_exposed = email else email_exposed = email_masked.
  3. Ensure dashboards use email_exposed, not raw email.
Example pseudo-SQL
SELECT CASE WHEN current_user_has('can_view_pii') THEN email
            ELSE CONCAT(SUBSTR(email,1,2),'***',SUBSTR(email,INSTR(email,'@')))
       END AS email_exposed
FROM customers;
  • Masking applies by default.
  • Only an approved attribute/role reveals full data.
  • Dashboards reference the exposed field, not raw PII.

Common mistakes and how to self-check

  • Over-granting access: Everyone gets editor or export rights. Self-check: Review last 30 days of audit logs; identify unused high-privilege roles and revoke.
  • Relying only on encryption: Encryption at rest does not replace RLS/CLS. Self-check: Impersonate a user and verify row/column filters work.
  • Unmasked PII in extracts: CSV exports bypass masking. Self-check: Test export with non-privileged role; verify masking persists.
  • No expiry on temporary access: Access persists indefinitely. Self-check: Add end-dates and schedule reviews.
  • Missing purpose documentation: Access granted without why. Self-check: Require a ticket with purpose and legal basis.

Practical projects

Project 1 — Classify and control a small data mart
  1. Inventory three tables: customers, orders, payments.
  2. Classify columns (PII, confidential, internal, public).
  3. Define roles and controls (RLS, masking, export rules).
  4. Implement one RLS rule and one masking rule.
  5. Test with two impersonated users and capture screenshots (or notes) of differences.
Project 2 — Build an access request playbook
  1. Create a template: requester, purpose, dataset, role, expiry, approver.
  2. Write decision criteria using least privilege and purpose limitation.
  3. Draft canned responses for common requests (approve aggregated only, deny PII export).

Who this is for

  • BI Developers, Analytics Engineers, and Data Analysts who publish dashboards, data models, or extracts.
  • Team leads who review and approve data access.

Prerequisites

  • Basic SQL and familiarity with your BI tools security features (roles, groups, RLS/CLS).
  • Understanding of your organizations data classification scheme.

Learning path

  • Before: Data classification and catalog basics.
  • Now: Access and privacy policies (this lesson).
  • Next: Advanced RLS/CLS patterns, auditing and monitoring, data retention automation.

Next steps

  • Implement one masking rule in a real dashboard and test with two roles.
  • Set a quarterly review for high-privilege roles.
  • Document a simple access request workflow for your team.

Mini challenge

You are asked to allow a vendor to view customer-level purchases to help with a campaign.

  • Write one rule that protects privacy while enabling analysis.
  • Specify the approval needed and the expiry date.
  • State what you will log to prove compliance.

Glossary

  • PII: Personally Identifiable Information (e.g., name, email, phone).
  • RLS: Row-Level Security; filters data by user/group.
  • CLS: Column-Level Security; hides or masks sensitive columns.
  • RBAC/ABAC: Role- or Attribute-based access control models.
  • Purpose limitation: Use data only for stated, legitimate purposes.

About the quick test

The quick test is available to everyone for free. Only logged-in users will have their progress saved.

Practice Exercises

2 exercises to complete

Instructions

Create an access control matrix for these roles and datasets:

  • Roles: executive, sales_manager, data_analyst
  • Datasets: regional_sales, customer_pii, finance_summary
  • Actions: view, explore, export, view_masked

Apply least privilege and privacy-by-default. Add a note for any temporary elevated access with an expiry date.

Expected Output
A JSON-like matrix listing which actions each role can perform per dataset, with notes for expiry and masking.

Access And Privacy Policies Basics — Quick Test

Test your knowledge with 10 questions. Pass with 70% or higher.

10 questions70% to pass
Certified Versus Ad Hoc ReportingChange Management For Metric Definitions

Have questions about Access And Privacy Policies Basics?

AI Assistant

Ask questions about this tool