Really nice post. I have a wish that someday I would see this solution in our company. @jeffreyaven Masking is great, but what about ABAC for table privileges? Are you planning something in this area?
For example:
I could tag the tables as domain = procurement. Then I could create a policy saying, if a user is in group procurement, they have select privileges. If a user is in group procurement + procurement-dev, then they also have insert/update etc. With column masking and row filtering we could get to interesting combinations 🙂
The reason why I'm asking: with UC you can inherit privileges on tables from the schema level. But if you want lower granularity, you have to do it on the table level. Then you are basically granting privileges table by table, which is not that great...