IRI software makes it easy for data and information stewards to control the data that Data Warehouse ETL architects, business users, governance teams, and report designers can access or affect. The ability to mask data during movement, manipulation, and reporting (for example), allow you to build data stewardship into your processes.
The platform-agnostic and server-independent nature of IRI software also means that you can use existing frameworks like Active Directory object assignments to manually apply role based access controls (RBAC) at various levels (data, metadata and executable files). In addition, access to masked data in products like IRI FieldShield can be controlled through differential access to job scripts and field encryption keys.
IRI metadata access and activity can be further role-managed through free Eclipse team plug-ins like Git, CVS, and Subversion, or the erwin EDGE (AnalytiXDS data governance) platform's IAM-controlled release manager for ETL, data quality, data masking, etc. projects in the IRI Voracity platform (which includes FieldShield, DarkShield, et al). You can also control access to the IRI Workbenchclient itself, or to the workspaces for Voracity and/or constituent products like FieldShield, at the O/S or VM level.
The IRI Chakra Max database activity monitoring and database audit and protection (DAM/DAP) software -- provides built-in RBACs within granular policy-setting modules for 20 popular on-premise and cloud databases. These server-stored policies apply to all monitored databases, and to included dynamic data masking functionality.
See these Data Governance FAQs to understand how IRI software products currently support RBAC.
Finally and in addition, IRI is now developing job-, data source-, and field-level data governance (IAM/authentication and lineage logs) directly within the core SortCL program, from which products like Voracity, FieldShield, and NextForm run. This will enforce RBAC at very granular levels of each job with different options defined for permission-denied behavior as determined in a secure policy file created in IRI Workbench.