When to use Atlas classifications for access control
Resource-based and tag-based policies are useful in different ways.
Ranger provides resource-based policies and tag-based policies. The following table provides some examples of when you would choose one type of policy over the other:
| Resource-based Policies | Tag-based Policies |
|---|---|
| Control access to data assets per service type (multiple policies for each data asset) | Control access to data assets across all service types |
| Control access to entire databases | Control access to columns in source tables that users can copy or transform to other tables |
| Control access to long-lived tables | Control access to data until it is reviewed/classified by setting an validity date |
| Control access to well-known columns in specific tables, which don't change over time |
