{"podcast":{"title":"Data Engineering Podcast","slug":"data-engineering-podcast","podcast_index_feed_id":403671,"rss_url":"https://serve.podhome.fm/rss/1c0357c0-6aba-5766-a2d5-2090d8dab6bc","website_url":"https://www.dataengineeringpodcast.com","image_url":"https://assets.podhome.fm/f6ff0caa-931b-4c08-bfdd-08dc7f5cd336/638557928872209534cover.jpg","author":"Tobias Macey","episode_count":510,"summary":"This show goes behind the scenes for the tools, techniques, and difficulties associated with the discipline of data engineering. Databases, workflows, automation, and data manipulation are just some of the topics that you will find here.","last_synced_at":null,"page_url":"https://stenobird.com/podcast/data-engineering-podcast"},"episode":{"title":"Beyond the Perimeter: Practical Patterns for Fine-Grained Data Access","slug":"beyond-the-perimeter-practical-patterns-for-fine-grained-data-access","published_at":"2025-10-27T01:32:48+00:00","page_url":"https://stenobird.com/podcast/data-engineering-podcast/beyond-the-perimeter-practical-patterns-for-fine-grained-data-access","show_page_url":"https://stenobird.com/podcast/data-engineering-podcast","url":"https://www.dataengineeringpodcast.com/identity-credentials-access-management-for-data-systems-episode-486","audio_url":"https://op3.dev/e/dts.podtrac.com/redirect.mp3/serve.podhome.fm/episode/f6ff0caa-931b-4c08-bfdd-08dc7f5cd336/638971245118030966f5967595-68b3-4325-b539-ecc104db97a8.mp3","summary":"Modern composable data architectures have fractured governance, making fine-grained access control across warehouses, lakes, and streaming systems incredibly difficult. This episode explores practical patterns for unifying identity, policy, and provenance to achieve true trust composition.","meta_description":"Learn practical patterns for fine-grained data access, from JWT identity propagation to Zanzibar-style policy models and database proxies.","key_points":["Main idea: The shift to composable ecosystems has exploded the integration burden, making unified auditability across disparate data stores a critical challenge","Practical takeaway: Use short-lived credentials and propagate user identity via JWTs to maintain a chain of trust from the API down to the database","Failure mode: Relying on static secrets or manual credential injection for machine-to-machine access creates massive security vulnerabilities in AI-driven workloads","Practical takeaway: Externalize authorization logic using engines like OPA/Rego or Cedar to enforce consistent GDPR and HIPAA policies across the stack","Main idea: The industry's biggest gap is 'trust composition'—the ability to verify the entire chain of provenance, policy, and identity for every data access request"],"chapters":[{"start_ms":350000,"title":"The Challenge of Identity in Data Systems","summary":"Matt discusses the historical difficulty of managing access control as data systems have evolved from monolithic databases to complex, distributed ecosystems."},{"start_ms":660000,"title":"Propagating Identity via Token Chains","summary":"An exploration of using OAuth tokens and security token services to maintain user context through multiple API layers down to the data layer."},{"start_ms":940000,"title":"Externalizing Policy with Cedar and OPA","summary":"How to use policy engines to define and enforce complex regulatory requirements like GDPR and HIPAA across various data interfaces."},{"start_ms":1260000,"title":"Catalog-Driven Governance","summary":"Using data catalogs to provide visibility into API elements and identify sensitive data fields like SSNs for better filtering and control."},{"start_ms":1540000,"title":"The Complexity of Composable Infrastructure","summary":"Discussing the tension between the benefits of composable data stacks and the massive overhead of managing security at scale."},{"start_ms":2110000,"title":"Securing Machine-to-Machine Workloads","summary":"Strategies for moving beyond device-level security to workload-level attestation to prevent attackers from leveraging stolen credentials."},{"start_ms":3290000,"title":"Using Proxies for Row-Level Security","summary":"Implementing database proxies as a way to inject fine-grained security controls into legacy tools that lack native support."}],"topics":["Data Governance","Identity and Access Management","Fine-Grained Access Control","Zero Trust Architecture","Data Security","Policy as Code","Cloud-Native Security","Data Engineering"],"duration_seconds":3900,"processing_state":"processed","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/data-engineering-podcast/episodes/beyond-the-perimeter-practical-patterns-for-fine-grained-data-access/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/data-engineering-podcast/beyond-the-perimeter-practical-patterns-for-fine-grained-data-access.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}