Smart Policies Powered by Metadata

Dynamically enforce access control on sensitive data using real-time metadata from OpenMetadata. Classify, tag, sync, and authorize — automatically.

How Metadata Shapes Authorization in Keymate

Keymate integrates directly with OpenMetadata to enforce API-level access control based on live metadata such as data classification, sensitivity level, and ownership. This allows organizations to define policies such as: only owners can edit PII-classified data; block access to "restricted" datasets from external tenants; deny API calls if the metadata tag is "Confidential". All classification and metadata flows are synchronized in real time via Kafka, so access decisions change as the data's metadata changes.

Metadata-Driven Policy Enforcement

Example DSL Policy: resource.classification == "PII" && resource.sensitivity != "high" && resource.owner == token.user.id

What Makes It Unique

OpenMetadata Integration

Pulls metadata like data classification, tags, and ownership into Keymate policies.

PII Detection and Tagging

Uses NLP/ML-based tag suggesters to classify sensitive fields like emails, names, or IDs.

Bidirectional Kafka Sync

Ensures metadata and access policy alignment using event-based streaming infrastructure.

Field-Level Evaluation

Enables column-aware access control decisions using metadata at the schema or entity level.

Audit-Ready Context Injection

Policy engine logs classification-based denials with reasons and metadata attributes.

Compliance by Design

Designed for GDPR, KVKK, HIPAA — aligning policy with actual data sensitivity.

Frequently Asked Questions

It means using live metadata (classification, tags, sensitivity) to influence access decisions. In Keymate, metadata is pulled from systems like OpenMetadata.
Keymate uses Kafka-based sync with OpenMetadata. New columns, datasets, or tags trigger events that update the policy context.
Yes. Metadata values become part of the resource context in DSL, e.g., resource.classification == "Confidential".
Absolutely. Metadata-aware controls are critical for enforcing GDPR, KVKK, HIPAA, and more. Policies reflect the actual data risk in real time.

How to Use This Feature

Follow these simple steps to enable metadata-aware policies.

Implementation Steps

1. Connect OpenMetadata to Keymate's Kafka topic
2. Let automated classifiers tag data fields with PII, security level, ownership
3. Write policies using metadata fields like resource.owner, resource.classification
4. Enforce access decisions in API Gateway or SDKs
5. View decision logs with metadata trace for audit
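
The steps above, sketched end to end as an added example (not Keymate's or OpenMetadata's code): constructed metadata events are folded into a resource context, the example policy from this page is evaluated as an allow rule, and each decision carries a reason and the metadata it was based on. The event fields, function names and the deny-on-missing-metadata check are assumptions of this sketch; without that check, a naive evaluation of `resource.sensitivity != "high"` holds for a field that has not been tagged yet.

```python
import json

# Constructed metadata-change events, in the order they arrive from the sync topic.
# Field names are assumptions, not OpenMetadata's or Keymate's event schema.
EVENTS = [
    {"resource": "orders.email", "classification": "PII", "sensitivity": "medium", "owner": "u-17"},
    {"resource": "orders.ssn", "classification": "PII", "sensitivity": "medium", "owner": "u-17"},
    {"resource": "orders.ssn", "sensitivity": "high"},  # later re-tagging event
    {"resource": "orders.note", "owner": "u-17"},       # not classified yet
]
REQUIRED = ("classification", "sensitivity", "owner")

def build_context(events):
    """Fold change events into the latest metadata per resource (last write wins)."""
    ctx = {}
    for ev in events:
        attrs = {k: v for k, v in ev.items() if k != "resource"}
        ctx.setdefault(ev["resource"], {}).update(attrs)
    return ctx

def decide(ctx, resource_id, token):
    """Evaluate the page's example policy as an allow rule; fail closed on missing metadata."""
    res = ctx.get(resource_id, {})
    missing = [k for k in REQUIRED if k not in res]
    if missing:
        reason = "missing metadata: " + ",".join(missing)
    elif res["classification"] != "PII":
        reason = "classification is not PII"
    elif res["sensitivity"] == "high":
        reason = "sensitivity is high"
    elif res["owner"] != token["user"]["id"]:
        reason = "caller is not the owner"
    else:
        reason = None
    return {"resource": resource_id, "user": token["user"]["id"], "allow": reason is None,
            "reason": reason or "policy matched", "metadata": res}

if __name__ == "__main__":
    ctx = build_context(EVENTS)
    for rid, uid in [("orders.email", "u-17"), ("orders.email", "u-99"),
                     ("orders.ssn", "u-17"), ("orders.note", "u-17")]:
        print(json.dumps(decide(ctx, rid, {"user": {"id": uid}})))  # one audit line per decision
```
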

ELEVATE YOUR IAM STRATEGY

Ready to Transform Your Keycloak Experience?

Implement fine-grained authorization, multi-tenant infrastructure, and comprehensive security policies with Keymate — built on the Keycloak foundation you already trust.