Smart Policies Powered by Metadata Awareness

Use column-level metadata like sensitivity, owner, or classification from OpenMetadata to drive fine-grained API authorization. Keymate connects metadata with your access control logic—enabling adaptive, compliant, and context-rich policies.

From Metadata to Dynamic Access Control

Keymate integrates with OpenMetadata to bring rich context into your authorization decisions. You can:

- Use metadata like piiType, dataClassification, and owner directly in policy DSL.
- Dynamically evaluate API access based on runtime metadata attributes.
- Auto-sync metadata from OpenMetadata via Kafka-based event streaming.
- Control access to sensitive fields (e.g., phone, email) based on clearance level.
- Apply policies like: "Only analysts can read PII fields", "Allow access if user is resource owner", "Deny external access to classified:restricted columns".
- View and audit metadata-policy bindings in observability dashboards.

This approach enables fine-grained, explainable access control based on real-time metadata changes.
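The three sample policies quoted above, evaluated per column in plain Python. This is an added illustration, not Keymate's DSL or code; the rule precedence (deny first), the "***" mask value, and denying fields that have no synced metadata are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Column:                       # metadata for one column, as synced from the catalog
    piiType: Optional[str]          # e.g. "email", "phone"; None if not PII
    dataClassification: str         # e.g. "internal", "restricted"
    owner: str

@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset
    external: bool

def decide(subject, col):
    """Return (effect, reason) for one column; first matching rule wins, deny first."""
    if col is None:                                    # metadata not synced yet: fail closed
        return "deny", "no-metadata"
    if subject.external and col.dataClassification == "restricted":
        return "deny", "external-restricted"
    if subject.user == col.owner:
        return "allow", "owner"
    if col.piiType and "analyst" not in subject.roles:
        return "mask", "pii-non-analyst"
    return "allow", "default"

def filter_row(subject, row, catalog):
    """Apply decide() to each field; return (filtered_row, audit_trail)."""
    out, audit = {}, []
    for field, value in row.items():
        effect, reason = decide(subject, catalog.get(field))
        audit.append((field, effect, reason))          # records which rule drove the decision
        if effect == "allow":
            out[field] = value
        elif effect == "mask":
            out[field] = "***"
        # "deny": the field is dropped from the response
    return out, audit

# Constructed sample data (not from Keymate or OpenMetadata).
CATALOG = {
    "id":    Column(None, "internal", "data-team"),
    "email": Column("email", "internal", "alice"),
    "phone": Column("phone", "restricted", "alice"),
}
ROW = {"id": 7, "email": "a@example.com", "phone": "555-0100", "notes": "free text"}

if __name__ == "__main__":
    for s in (Subject("bob", frozenset({"analyst"}), False),
              Subject("carol", frozenset({"analyst"}), True),
              Subject("dave", frozenset({"support"}), False)):
        print(s.user, filter_row(s, ROW, CATALOG))
```

The "notes" field has no catalog entry, so it is dropped for every caller; with event-driven sync, a column can exist before its metadata arrives, and that window should not default to allow.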

Metadata-Driven Dynamic Access Control

Keymate integrates with OpenMetadata to bring rich context into your authorization decisions, enabling fine-grained, explainable access control based on real-time metadata changes.

Example: Use column-level metadata to drive fine-grained API authorization

Key Components:

OpenMetadata Integration
Kafka-based Event Sync
Column-Level Sensitivity
Metadata-Aware DSL
Real-time Policy Evaluation

What Makes It Unique

OpenMetadata Integration

Kafka-based event sync with OpenMetadata for PII, classification, owner data

Column-Level Sensitivity Support

Policies can evaluate metadata of individual fields (e.g., phone, email)

Metadata-Aware DSL

DSL expressions can use metadata directly: resource.piiType, resource.owner, etc.

Policy-Driven Masking & Blocking

Mask or block access dynamically based on metadata and user role

Audit & Observability

Track which metadata attributes influence access decisions

Dual-Direction Sync

Policies can also update or annotate metadata in some workflows

PII-Aware Templates

Policy templates can include conditional checks for metadata values

Frequently Asked Questions

OpenMetadata is a data catalog system. We use it to pull real-time metadata like PII flags, ownership, and data classification for use in policies.
Yes. Metadata attributes are mapped per column or field and can trigger fine-grained policies.
Yes. We use Kafka for event-driven sync, and tokens include enriched metadata context at runtime.
We support auto-discovery of metadata from OpenMetadata and optional custom mapping when needed.

How to Use This Feature

Follow these steps to enable metadata-driven access control.

Implementation Steps

1. Connect your OpenMetadata instance to Keymate
2. Enable real-time Kafka sync for metadata events
3. Write DSL policies using metadata attributes like resource.piiType, resource.owner, etc.
4. Apply column-level controls using metadata in resource definitions
5. Track metadata-driven access in audit dashboards
6. Optionally export metadata changes triggered by policies

Implement fine-grained authorization, multi-tenant infrastructure, and comprehensive security policies with Keymate — built on the Keycloak foundation you already trust.