When to use Atlas classifications for access control

Resource-based and tag-based policies are useful in different ways.

Ranger provides resource-based policies and tag-based policies. The following table provides some examples of when you would choose one type of policy over the other:

Resource-based Policies Tag-based Policies
Control access to data assets per service type (multiple policies for each data asset) Control access to data assets across all service types
Control access to entire databases Control access to columns in source tables that users can copy or transform to other tables
Control access to long-lived tables Control access to data until it is reviewed/classified by setting an validity date
Control access to well-known columns in specific tables, which don't change over time