Skip to main content
Sift access control uses two strategies:
  • Role-based access control (RBAC)
  • Data access governance (DAG)
RBAC is the default system. DAG is an attribute-based access control (ABAC) implementation that provides more granular control.

RBAC vs DAG

Sift supports two access control strategies. Each strategy is suited for different organizational needs: Learn more about RBAC and DAG concepts.

Do I need DAG instead of RBAC?

Not all organizations need DAG. RBAC is often easier to configure and manage.
Decide whether to use RBAC or DAG based on your access requirements. DAG is not a one-size-fits-all solution. Most organizations will find RBAC sufficient and easier to manage. RBAC provides predefined roles with default permission sets across resources (such as Admin, Editor, Viewer, and Collaborator) and allows restricting access to specific assets. Use DAG when you need to control access across both users and resource types. For example, DAG can allow external users to view derived data (such as Reports or test results) without access to the underlying telemetry.