When to use Atlas classifications for access control
Resource-based and tag-based policies are useful in different ways.
Ranger provides resource-based policies and tag-based policies. The following table provides some examples of when you would choose one type of policy over the other:
|Resource-based Policies||Tag-based Policies|
|Control access to data assets per service type (multiple policies for each data asset)||Control access to data assets across all service types|
|Control access to entire databases||Control access to columns in source tables that users can copy or transform to other tables|
|Control access to long-lived tables||Control access to data until it is reviewed/classified by setting an validity date|
|Control access to well-known columns in specific tables, which don't change over time|