Governance, Security & Compliance
Compile-time RBAC, ABAC, row & column-level predicates, and audit. The layered model enterprise AI needs - including HIPAA-aligned clinical use.
5 posts
Governance is not a layer you bolt on after a query runs - it is structural to how the query gets compiled in the first place. In a semantic execution layer, RBAC, ABAC, and row/column-level predicates are evaluated at compile time, before any SQL touches the warehouse. Unauthorised queries fail compilation. Filtered-out rows are never read.
This collection covers the governance-by-design model that production AI demands. Posts explore fine-grained data access control as a compile-time concern rather than a runtime patch; how data authorisation breaks when meaning, identity, and policy are stored in three different systems; and what HIPAA-grade conversational analytics looks like when every query is provably grounded in the semantic graph and policy-aware before it executes.
You'll also find pieces on multi-tenant semantic isolation, audit trails that are point-in-time reproducible, and the regulatory consequences of letting an LLM emit ungoverned SQL against a regulated dataset. The argument running through them: governance should be a property of the compiler, not a wrapper around the answer. When policy is structural, compliance becomes the default, audit becomes free, and every AI agent inherits the enterprise's existing controls without a single new line of access logic.
The Semantic Control Plane: Compile-Time Governance for Enterprise AI
Bound to meaning, applied at compile time, enforced before SQL runs. Why runtime guardrails are too late.
Governance as Code -> Governance as Semantics
Code-based rules govern structure. Semantic governance attaches policy to meaning - and it is what AI agents actually need.
Conversational Analytics for Clinical Data (HIPAA)
Safely leveraging AI for data insights in a regulated, audit-heavy environment.
Fine-Grained Data Access Control: Precision Security
RBAC + ABAC + row/column-level predicates - the layered model enterprise AI needs.
Data Authorization: The Problems and the Solution
Why authorization at the BI layer is structurally too late - and where it should live.