Why It Matters in 2023


Data privacy and security are more important now than ever before. Organizations of all sizes face increasing pressure to protect their sensitive data from cyberattacks, data breaches, and other security threats. In 2022, the average cost of a data breach was ~$4.35 million (Figure 1). [1]

The figure illustrates the frequencies of data breach types and their average costs in 2022. Phishing, for example, cost ~$5M per breach and accounted for 15% of data breaches.

Figure 1. The average cost of data breach types and their frequency.

To reduce the risk of data breaches, one approach is granular access. Granular access (or fine-grained access control) refers to the ability to control access to data and resources on a per-user or per-group basis. In other words, it allows organizations to define specific access policies for different users or groups rather than relying on broad, one-size-fits-all access controls. 

But company leaders may not be aware of granular access. According to Google Trends, granular access has not been searched for frequently worldwide over the past five years (Figure 2), and these searches were carried out in the United States and India. This article explains granular database access in order to inform business leaders.

The figure illustrates that, worldwide, interest in granular access has fluctuated over time.

Figure 2. Interest in granular access. [2]

What is granular access?

Granular access is an access control model that offers finer-grained control over access to data and resources. In a granular access model, a database administrator grants access to individual users, while administrators themselves can have full access to all data. It is designed to provide more precise control over who has access to what, based on:

1. The user’s identity

The user’s identity refers to the unique characteristics that identify a specific user, such as their name, email address, or employee ID. Controlling access by considering a user’s identity can ensure that only authorized users can access certain data or resources. 

2. The user’s role

A user’s role refers to their position or function within an organization. For example, in a healthcare setting, doctors may have access to different patient data than nurses or administrative staff. By considering a user’s role, granular permissions can ensure that they have access only to the data or resources that are relevant to their job function.

3. Other attributes of the user 

Other attributes that can be considered when implementing granular permissions can include the time of day, location, device, or network used to access data or resources. By taking these attributes into account, granular access can provide even more fine-grained control over who has access to what, and under what conditions.

Implementing granular access

Implementing granular permissions can require careful planning of several factors:

1. Define and plan access controls

The first step is to define access policies that specify who has access to what data or resources and under what conditions. This can involve creating access control lists (ACLs), setting permissions and security levels, and establishing monitoring and audit controls.

Access control lists

Access control lists are a basic form of granular access control that allows administrators to define which users or groups have access to specific resources or data sources. This approach is simple to implement but may become unwieldy as the number of resources and users grows.

2. Using appropriate tools and technologies

Once the access policies have been defined, the next step is to implement permissions using appropriate tools, practices, and technologies. There are several approaches to implementing granular access; the primary ones include:

  • Access control lists
  • Attribute-based access control (ABAC)
  • Identity and access management (IAM) systems

Attribute-based access controls

Attribute-based access control is a more advanced form of granular access that uses a combination of attributes (such as user roles, location, time of day) to determine access to data and resources. This approach is more flexible than ACLs but can be more complex to manage and implement.

The figure illustrates attribute-based access control. User attributes such as name, role, and security clearance are recorded in the system alongside resource attributes. Resource attributes also contain information regarding access time, data location, and threat levels.

Figure 3. Attribute-based access control. [3]

Role-based access controls

Role-based access control (RBAC) is a security model that restricts system access to authorized users based on their roles within an organization. Each user is assigned a role, which is associated with a set of permissions or privileges that govern what actions they can take within the system. Individual user permissions within a role are typically defined by the system administrator and are based on the user’s responsibilities and job requirements.

Benefits of using RBAC
  • Low risk of unauthorized access: RBAC controls granular access to resources and data, lowering the risk of unauthorized access or accidental data leakage.
  • Suitable for large corporations: RBAC is a popular method of managing user access to sensitive information and systems in large organizations.

The figure illustrates role-based access controls. Role-based access controls grant data access according to roles such as administrator and user. Users can have attributes and defined access to folders and files.

Figure 4. Role-based access controls. [4]
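To make the three approaches above concrete, the following added example (written for this page, not code from the article or any vendor it mentions) layers attribute rules (ABAC) on top of a role-to-permission table (RBAC) for the healthcare scenario used throughout, denies by default, and records every decision in an audit log. All users, roles, resources, networks and shift hours are constructed for illustration.

```python
from datetime import datetime
# RBAC layer (constructed data): which (action, data type) pairs each role is granted.
ROLE_PERMISSIONS = {
    "doctor": {("read", "medical_history"), ("read", "lab_results"), ("write", "lab_results")},
    "nurse": {("read", "lab_results")},
    "administrator": {("read", "billing")},
}
# ABAC layer: attribute rules evaluated on every request (hypothetical values).
TRUSTED_NETWORKS = {"hospital-lan"}
SHIFT_HOURS = range(7, 20)            # 07:00 to 19:59
AUDIT_LOG = []                        # every decision is appended here (audit trail)

def decide(user, action, resource, ctx):
    """Deny by default: allow only if the role grants the action AND all attribute rules pass.
    user = {"id", "role", "department"}, resource = {"id", "type", "department"},
    ctx = {"network", "time": datetime}. Each failed rule is recorded as a reason."""
    reasons = []
    if (action, resource["type"]) not in ROLE_PERMISSIONS.get(user["role"], set()):
        reasons.append("role lacks permission")
    if resource["type"] == "medical_history" and resource["department"] != user["department"]:
        reasons.append("patient record belongs to another department")
    if ctx["network"] not in TRUSTED_NETWORKS:
        reasons.append("untrusted network")
    if ctx["time"].hour not in SHIFT_HOURS:
        reasons.append("outside shift hours")
    allowed = not reasons
    AUDIT_LOG.append({"time": ctx["time"].isoformat(), "user": user["id"], "action": action,
                      "resource": f"{resource['type']}/{resource['id']}",
                      "decision": "ALLOW" if allowed else "DENY", "reasons": reasons})
    return allowed

def run_demo():
    """Four constructed requests; returns the list of decisions in order."""
    doctor = {"id": "dr.ada", "role": "doctor", "department": "cardiology"}
    nurse = {"id": "rn.bob", "role": "nurse", "department": "cardiology"}
    history = {"id": "p-1042", "type": "medical_history", "department": "cardiology"}
    other_history = {"id": "p-2077", "type": "medical_history", "department": "oncology"}
    day = {"network": "hospital-lan", "time": datetime(2023, 3, 10, 9, 30)}
    night_home = {"network": "home-wifi", "time": datetime(2023, 3, 10, 23, 5)}
    return [
        decide(doctor, "read", history, day),          # allowed
        decide(nurse, "read", history, day),           # denied: role lacks permission
        decide(doctor, "read", other_history, day),    # denied: other department
        decide(doctor, "read", history, night_home),   # denied: two attribute rules fail
    ]

if __name__ == "__main__":
    print(run_demo(), *AUDIT_LOG, sep="\n")
```

The audit entries carry the reason for each denial, which is what gives an access model the traceability the compliance section below relies on.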

3. Consider comprehensive solutions

Identity and access management systems

Identity and access management (IAM) systems are comprehensive software solutions that provide centralized control over user identities, credentials, and access to resources. IAM systems typically include features such as access provisioning, authentication, authorization, and audit logging, making them a powerful tool for implementing granular access.

Content services platforms

Content services platforms (CSPs) can offer granular permissions for filing systems, sensitive documents, servers, or cloud storage. Alongside their security capabilities, CSPs can also support file management, which saves employees time by reducing the need to search for documents.

The figure illustrates content services platform use cases such as collaboration, mobility, enterprise administration, metadata, and process automation.

Figure 5. Content services platforms use cases.

Benefits of granular access

There are several benefits of using granular access controls, including: 

1. Increased security

Granular permissions can provide increased security by allowing organizations to control access to data and resources more precisely. This helps prevent data breaches and other security incidents by limiting the number of people who have access to sensitive data.

2. Improved data privacy

Granular access can improve data privacy. Granular permissions can help organizations to control who has access to specific types of data and how that data is used. This can be especially important for organizations that deal with sensitive data, such as healthcare providers and financial institutions. 

Granular access controls, for example, can be used to ensure that electronic patient health information (e-PHI) is not changed or destroyed. Granular permissions can keep track of access logs and provide timestamps that correspond to the original document creation date.

3. Improved compliance

Granular access can help organizations comply with regulations and industry standards by providing an audit trail and documentation of who has accessed data and resources, and under what conditions.

The Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) are some of the examples of such regulations.

4. Improved flexibility

Unlike other access control models, such as role-based access control (RBAC), granular access can be tailored to specific use cases. For example, in a healthcare setting, granular access can be used to restrict access to patient data to authorized personnel only. This could mean limiting access to certain types of data (e.g., medical history, lab results), or restricting access to specific individuals or groups based on their role (e.g., doctors, nurses, administrators).

4 use case examples for granular access

Granular access can be used in a variety of contexts and for various purposes:

1. Data protection in healthcare

Healthcare organizations deal with sensitive patient data that must be protected to ensure patient privacy and comply with regulations like HIPAA. 

2. Financial services 

Financial institutions must comply with a variety of regulations, including KYC (Know Your Customer) and AML (Anti-Money Laundering). Granular access can be used to ensure that only authorized personnel can gain access to customer data and enforce strict controls over access to sensitive financial information such as trade secrets.

3. Cloud computing

Cloud providers often offer granular access controls to their customers, allowing them to define specific access policies and credentials for different users, groups, or web servers. This can help ensure that only authorized users can access certain cloud resources and that sensitive information is protected.

4. Internet of things (IoT)

IoT devices gather large amounts of data, some of which may be sensitive or confidential. Granular access can be used to ensure that only authorized devices and users can access this data and create and enforce strict controls over how the data is used, stored, and shared.


  1. “Cost of Data Breach in 2022”. IBM. Retrieved March 10, 2023.
  2. Google Trends.
  3. “RBAC vs. ABAC”. DNSStuff. October 31, 2019. Retrieved March 12, 2023.
  4. “How to Successfully Introduce Role Based Access Control into a Group Environment”. IdenHaus. March 31, 2017. Retrieved March 12, 2023.

Yilmaz Dogukan Ozlu is an industry analyst at AIMultiple. He has a background in philosophy, physics, data analysis, and psycholinguistics.

Prior to working at AIMultiple he took part in a psycholinguistics project where they researched the effect of hand gestures in second language vocabulary acquisition where he discovered his passion for technology.

Dogukan earned his bachelor’s degree in philosophy and physics from Bogazici University. He received his master’s degree in philosophy from the University of Arizona under the funding of the Fulbright Scholarship. Currently, he is a master’s student in Big Data and Business Analytics at Istanbul Technical University.
