{"id":42390,"date":"2026-01-13T15:58:36","date_gmt":"2026-01-13T14:58:36","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=42390"},"modified":"2026-02-24T09:56:39","modified_gmt":"2026-02-24T08:56:39","slug":"scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/","title":{"rendered":"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-delphix-a-quick-refresher\">Delphix: A Quick Refresher<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.perforce.com\/products\/delphix\"><strong>Delphix<\/strong><\/a> is a software-defined data platform designed to automate and secure the data lifecycle. To handle data at scale without the usual operational friction, it relies on three pillars:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.perforce.com\/products\/delphix\/continuous-data\">Continuous Data<\/a> <\/strong><em>(Virtualization)<\/em> : This <strong>virtual appliance<\/strong> ingests production sources to create compressed <strong>dSources<\/strong>. You can then provision virtual clones (<strong>VDBs<\/strong>) in minutes. It\u2019s not just about optimizing storage via block-sharing, it\u2019s about drastically slashing refresh times, moving from hours of manual DB cloning to a few minutes of automation.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.perforce.com\/products\/delphix\/continuous-compliance\">Continuous Compliance<\/a> <\/strong><em>(Masking)<\/em> : Acting as the compliance safeguard, this <strong>virtual appliance<\/strong> anonymizes sensitive data (GDPR, etc.) while keeping referential integrity intact across applications. You get usable test data without the risk of a data leak or a legal headache. For more information, you can read my other blog <a href=\"https:\/\/www.dbi-services.com\/blog\/data-anonymization-as-a-service-with-delphix-continuous-compliance\/\">Data Anonymization as a Service with Delphix Continuous Compliance<\/a>.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.perforce.com\/products\/delphix\/data-control-tower\">Data Control Tower<\/a> <\/strong><em>(DCT)<\/em> : The central Control Plane. Unlike the engines above, DCT is a platform that unifies everything through a single API. It also provides a dedicated interface where developers can manually manage their own resources in total autonomy, without needing a DBA behind them for every refresh. It effectively turns isolated instances into a programmable, self-service infrastructure.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-abac-approach-beyond-static-roles\">The ABAC Approach: Beyond static roles<\/h2>\n\n\n\n<p>Access management usually relies on the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Role-based_access_control\"><strong>RBAC<\/strong><\/a> (<em>Role-Based Access Control<\/em>) model. In this setup, permissions are tied to roles (like &#8220;Developer&#8221; or &#8220;Analyst&#8221;) and users simply inherit whatever their role allows. While this works fine at the start, it quickly becomes a rigid mess as projects multiply, usually leading to a &#8220;role explosion&#8221; that\u2019s a nightmare to maintain.<\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Attribute-based_access_control\"><strong>ABAC<\/strong><\/a> (<em>Attribute-Based Access Control<\/em>) takes a different path: rights aren&#8217;t frozen into a static role anymore. Instead, they are determined dynamically based on attributes (characteristics of the resource, the user, and the environment). It\u2019s a shift from <em>Who are you?<\/em> to <em>What are you trying to access and does it match your current context?<\/em>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-delphix-dct-leveraging-tags-for-smarter-data-governance\">Delphix DCT: Leveraging Tags for Smarter Data Governance<\/h2>\n\n\n\n<p>The real strength of <strong>Delphix Data Control Tower (DCT)<\/strong> lies in its ability to leverage <strong>tags<\/strong> for strict resource segregation. In a sprawling enterprise environment, global visibility is rarely a feature; it\u2019s more of a liability. By mapping specific tags to your resources, you define isolated management boundaries that actually make sense for the business.<\/p>\n\n\n\n<p>This setup ensures that teams only see the infrastructure they are responsible for. It\u2019s a clean way to enforce the <strong><a href=\"https:\/\/en.wikipedia.org\/wiki\/Principle_of_least_privilege\">Least Privilege<\/a><\/strong> principle without the administrative overhead of manual role mapping. By restricting a user&#8217;s scope to their specific tags, you eliminate the risk of someone interact with an environment they weren&#8217;t even supposed to know existed. It\u2019s about creating a workspace where developers can be autonomous within their own perimeter, while the rest of the infrastructure remains safely out of sight (and out of reach).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-abac-in-action-configuring-dynamic-access-control-in-delphix-dct\">ABAC in Action: Configuring Dynamic Access Control in Delphix DCT<\/h2>\n\n\n\n<p>Even when managing a massive Delphix environment, you can strictly limit a developer&#8217;s or DevOps engineer&#8217;s visibility to only the resources they actually own. Through the unified DCT platform, they get a consolidated view of their specific objects only :<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d8f49d093c5&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d8f49d093c5\" class=\"wp-block-image wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"306\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-10-1024x306.png\" alt=\"\" class=\"wp-image-42468\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-10-1024x306.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-10-300x90.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-10-768x229.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-10-1536x458.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-10.png 1887w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d8f49d09b59&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d8f49d09b59\" class=\"wp-block-image size-large wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"282\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-7-1024x282.png\" alt=\"\" class=\"wp-image-42464\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-7-1024x282.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-7-300x83.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-7-768x212.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-7-1536x423.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-7.png 1877w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n<div class=\"wp-block-image\">\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d8f49d0a1e3&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d8f49d0a1e3\" class=\"aligncenter size-large wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"282\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/dsources-1024x282.png\" alt=\"\" class=\"wp-image-42469\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/dsources-1024x282.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/dsources-300x83.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/dsources-768x212.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/dsources-1536x423.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/dsources.png 1876w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-left\">In the three images above, each component is identified by the tag <code>Team: BlogTeam<\/code>. This key-value pair is directly tied to the permissions assigned to the current user. In this specific scenario, a user belonging to the <code>BlogTeam <\/code>access group is granted the following roles:<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d8f49d0a84b&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d8f49d0a84b\" class=\"wp-block-image size-large wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"298\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-11-1024x298.png\" alt=\"\" class=\"wp-image-42471\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-11-1024x298.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-11-300x87.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-11-768x224.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-11-1536x448.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-11.png 1891w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p class=\"has-text-align-left\">While these roles might seem overly permissive at first glance, the <strong>ABAC<\/strong> framework in Delphix allows for granular control. It ensures that these permissions are dynamically scoped, applying only to the specific resources that match the user&#8217;s attributes.<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d8f49d0ae96&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d8f49d0ae96\" class=\"wp-block-image size-large wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"214\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-12-1024x214.png\" alt=\"\" class=\"wp-image-42472\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-12-1024x214.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-12-300x63.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-12-768x161.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-12-1536x321.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-12.png 1869w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p>It is important to understand that ABAC in Delphix DCT isn&#8217;t just a &#8220;view-only&#8221; filter ; it doesn\u2019t just dictate <em>who sees what<\/em>, it defines <em>who can do what<\/em>.<\/p>\n\n\n\n<p>By combining roles with tag-based scopes, you can achieve surgical precision in your permissions. For instance, a developer might be granted the <code>Provision VDBs<\/code> right on all resources tagged with <code>Team : BlogTeam<\/code>, while only having <code>Refresh<\/code> or <code>Snapshot<\/code> capabilities on VDBs tagged with <code>Environment: Integration<\/code>. This ensures that even within the same project, critical actions are restricted to the right people at the right time, without ever needing to touch a single manual access list.<\/p>\n\n\n\n<p>The true power of Delphix DCT lies in its ability to transform a basic administrative task (tagging) into a robust automated governance engine. It provides administrators with absolute control while ensuring developers operate within a streamlined interface, strictly confined to their specific workspace.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-dct-moving-from-gui-management-to-api-first-governance\">DCT: Moving from GUI Management to API-First Governance<\/h2>\n\n\n\n<p>Integrating Delphix into a modern CI\/CD pipeline means saying a final goodbye to manual clicks. Thanks to DCT\u2019s <strong>API-First architecture<\/strong>, every resource is treated as a programmable object. By using tags as dynamic filters, you stop managing environments by their names or IP addresses and start orchestrating them by their business properties.<\/p>\n\n\n\n<p>The real beauty here is the ability to script complex workflows in just a few lines of code. Instead of manually triggering a refresh for ten different test databases (a task as tedious as it is prone to error) your pipeline can simply query the API to identify every resource tagged with <code>Team : BlogTeam<\/code> and fire off the operation simultaneously. This approach doesn&#8217;t just save precious time; it ensures total reproducibility while eliminating the <em>human factor<\/em>.<\/p>\n\n\n\n<p>To give you a concrete example, the following Python snippet shows how to authenticate with the DCT API and retrieve details for all VDBs associated with the specific tag <code>Team : BlogTeam<\/code> :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>import requests, urllib3, logging\nfrom typing import List, Dict, Any\n\nurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\nlogging.basicConfig(level=logging.INFO, format=\"%(levelname)s: %(message)s\")\nlogger = logging.getLogger(__name__)\n\nclass Config:\n    dct_url = \"https:\/\/&lt;DELPHIX_ENGINE_URL&gt;\/dct\/v3\"\n    username = \"YOUR_USERNAME\"\n    password = \"YOUR_PASSWORD\"\n\nclass DctApiClient:\n    def __init__(self, cfg):\n        self.cfg = cfg\n        self.token = None\n\n    def authenticate(self):\n        try:\n            r = requests.post(f\"{self.cfg.dct_url}\/login\", \n                json={\"username\": self.cfg.username, \"password\": self.cfg.password}, verify=False)\n            self.token = r.json()&#091;\"access_token\"]\n            logger.info(f\"Connected (expires in {r.json().get('expires_in')}s)\")\n            return True\n        except Exception as e:\n            logger.error(f\"Authentication failed: {e}\")\n            return False\n\n    def headers(self):\n        return {\"Authorization\": f\"Bearer {self.token}\", \"Accept\": \"application\/json\"}\n\n    def get_vdbs_by_tag(self, tag_key: str, tag_value: str) -&gt; List&#091;Dict&#091;str, Any]]:\n        vdbs = requests.get(f\"{self.cfg.dct_url.replace('\/dct\/v3', '\/v3')}\/vdbs\", \n                           headers=self.headers(), verify=False).json().get('items', &#091;])\n        \n        filtered = &#091;v for v in vdbs if any(t.get('key')==tag_key and t.get('value')==tag_value \n                                           for t in v.get('tags', &#091;]))]\n        logger.info(f\"{len(filtered)} VDB(s) found\")\n        \n        for v in filtered:\n            status_color = '\\033&#091;92m' if v.get('status','').lower()==\"running\" else '\\033&#091;91m'\n            print(f\"\\n{'='*35}\\n{v.get('name'):20} | {status_color}{v.get('status')}\\033&#091;0m\\n\"\n                  f\"ID: {v.get('id')}\\nType: {v.get('database_type')}\\n{'='*35}\")\n        return filtered\n\nif __name__ == \"__main__\":\n    client = DctApiClient(Config)\n    if client.authenticate():\n        client.get_vdbs_by_tag(\"Team\", \"BlogTeam\")<\/code><\/pre>\n\n\n\n<p>And the result :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>INFO: Connected (expires in 86400s)\nINFO: 1 VDB(s) found\n\n===================================\nVDB_BLOG             | RUNNING\nID: 1-MSSQL_DB_CONTAINER-190\nType: MSSql\n===================================<\/code><\/pre>\n\n\n\n<p>While Python offers great flexibility for complex logic, the same result can be achieved more concisely using the <a href=\"https:\/\/dct.delphix.com\/docs\/latest\/dct-toolkit\">dct-toolkit<\/a>. This native CLI tool simplifies interactions with the DCT engine, allowing you to execute the same resource filtering with a single command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>dct-toolkit search_vdbs -c name,tags filter_expression \"tags CONTAINS {key EQ 'team' AND value EQ 'BlogTeam'} \"<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion-bridging-governance-and-agility\"><strong>Conclusion: Bridging Governance and Agility<\/strong><\/h2>\n\n\n\n<p>In summary, implementing <strong>ABAC<\/strong> within <strong>Delphix Data Control Tower<\/strong> marks the end of an era where security was synonymous with administrative friction. By using tags as the foundation of your governance, you transform a complex data infrastructure into a granular, secure self-service ecosystem. It is no longer the tool dictating your processes, but your business requirements dynamically driving access control.<\/p>\n\n\n\n<p>A major advantage of this model is the seamless onboarding of new developers. Instead of manually configuring complex permissions for every newcomer, simply assigning the appropriate tags allows them to be productive instantly, with immediate and secure visibility over their specific scope.<\/p>\n\n\n\n<p>This approach opens the door to advanced use cases that we have only scratched the surface of here:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automated Self-Service:<\/strong> Integrating tag creation directly into your provisioning processes so that resources are immediately isolated within the correct perimeter.<\/li>\n\n\n\n<li><strong>FinOps &amp; Showback:<\/strong> Leveraging this same tagging logic to accurately allocate storage and compute costs by project or team.<\/li>\n\n\n\n<li><strong>Dynamic Data Masking:<\/strong> Automating masking jobs based on tag criticality (e.g., <code>Criticality : Confidential<\/code>), ensuring no sensitive data leaves the production environment without protection.<\/li>\n<\/ul>\n\n\n\n<p id=\"h-wrap-up\">And you? How are you managing access in your non-production environments for developers? Is API automation already at the heart of your <strong>DataOps<\/strong> strategy? Let\u2019s discuss it in the comments, or feel free to reach out to explore these topics further.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ABAC in Delphix Data Control Tower automates governance via tags, providing granular control and full autonomy for developers.<\/p>\n","protected":false},"author":157,"featured_media":42392,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3402],"tags":[494],"type_dbi":[],"class_list":["post-42390","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-delphix","tag-delphix"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature - dbi Blog<\/title>\n<meta name=\"description\" content=\"ABAC in Delphix DCT automates governance via tags, providing granular control and full autonomy for developers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature\" \/>\n<meta property=\"og:description\" content=\"ABAC in Delphix DCT automates governance via tags, providing granular control and full autonomy for developers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-13T14:58:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-24T08:56:39+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2540\" \/>\n\t<meta property=\"og:image:height\" content=\"569\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Louis Tochon\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Louis Tochon\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/\"},\"author\":{\"name\":\"Louis Tochon\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/e4195b0cb120295b3407a502c23e75b6\"},\"headline\":\"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature\",\"datePublished\":\"2026-01-13T14:58:36+00:00\",\"dateModified\":\"2026-02-24T08:56:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/\"},\"wordCount\":1196,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png\",\"keywords\":[\"delphix\"],\"articleSection\":[\"Delphix\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/\",\"name\":\"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png\",\"datePublished\":\"2026-01-13T14:58:36+00:00\",\"dateModified\":\"2026-02-24T08:56:39+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/e4195b0cb120295b3407a502c23e75b6\"},\"description\":\"ABAC in Delphix DCT automates governance via tags, providing granular control and full autonomy for developers.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png\",\"width\":2540,\"height\":569},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/e4195b0cb120295b3407a502c23e75b6\",\"name\":\"Louis Tochon\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/ce0ee48c64e763e6c4076e21c80729d15bc4493288aeb8695125c69082100e10?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ce0ee48c64e763e6c4076e21c80729d15bc4493288aeb8695125c69082100e10?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ce0ee48c64e763e6c4076e21c80729d15bc4493288aeb8695125c69082100e10?s=96&d=mm&r=g\",\"caption\":\"Louis Tochon\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/louistochon\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature - dbi Blog","description":"ABAC in Delphix DCT automates governance via tags, providing granular control and full autonomy for developers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/","og_locale":"en_US","og_type":"article","og_title":"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature","og_description":"ABAC in Delphix DCT automates governance via tags, providing granular control and full autonomy for developers.","og_url":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/","og_site_name":"dbi Blog","article_published_time":"2026-01-13T14:58:36+00:00","article_modified_time":"2026-02-24T08:56:39+00:00","og_image":[{"width":2540,"height":569,"url":"http:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png","type":"image\/png"}],"author":"Louis Tochon","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Louis Tochon","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/"},"author":{"name":"Louis Tochon","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/e4195b0cb120295b3407a502c23e75b6"},"headline":"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature","datePublished":"2026-01-13T14:58:36+00:00","dateModified":"2026-02-24T08:56:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/"},"wordCount":1196,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png","keywords":["delphix"],"articleSection":["Delphix"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/","url":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/","name":"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png","datePublished":"2026-01-13T14:58:36+00:00","dateModified":"2026-02-24T08:56:39+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/e4195b0cb120295b3407a502c23e75b6"},"description":"ABAC in Delphix DCT automates governance via tags, providing granular control and full autonomy for developers.","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/image-2.png","width":2540,"height":569},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/scaling-data-governance-why-abac-is-my-favorite-delphix-dct-feature\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Scaling Data Governance: Why ABAC is My Favorite Delphix DCT Feature"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/e4195b0cb120295b3407a502c23e75b6","name":"Louis Tochon","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ce0ee48c64e763e6c4076e21c80729d15bc4493288aeb8695125c69082100e10?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ce0ee48c64e763e6c4076e21c80729d15bc4493288aeb8695125c69082100e10?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ce0ee48c64e763e6c4076e21c80729d15bc4493288aeb8695125c69082100e10?s=96&d=mm&r=g","caption":"Louis Tochon"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/louistochon\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/42390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/157"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=42390"}],"version-history":[{"count":40,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/42390\/revisions"}],"predecessor-version":[{"id":43142,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/42390\/revisions\/43142"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media\/42392"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=42390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=42390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=42390"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=42390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}