GRC: Entity Based Access for AI assets
The GRC: Entity Based Access application enables you to segregate data on AI asset records so that only authorized users can access sensitive AI Risk and Compliance data, while maintaining visibility into the core entities. Entity-based access administrators can use this application to set up secure, controlled access to AI assets and their related objects.
Entity-Based Access (EBA) is a security feature that provides granular, data-level access control within the AI Risk and Compliance application. Unlike role-based access control, EBA decides which records a user can access based on business entities such as departments, regions, or business units. This approach ensures that sensitive information is accessible only to authorized users, in line with organizational compliance and confidentiality requirements.
AI Risk and Compliance managers can access risks, controls, related entities, issues, indicators, AI asset tasks, risk assessments, attestations, and AI assets data through entity-based access. Entities themselves stay visible to all users, while visibility of linked records is limited to authorized users.
- AI system [sn_grc_ai_gov_ai_system]
- AI system entity [sn_grc_ai_gov_ai_system_entity_map]
- AI system task [sn_grc_ai_gov_ai_system_task]
Configure GRC: Entity Based Access
- Install the GRC: Entity Based Access application. For more information, refer to Install the Entity Based Access application.
- Enable or disable the entity-based Access properties to control access to the objects that are associated with an AI asset. For more information, refer to Set up Entity Based Access properties.
- Configure an entity class for a linked object by using the GRC: Entity Based Access application. For more information, refer to Configure an entity class for a linked object. Note: Entities created with an AI asset are assigned an entity class such as AI system, AI model, dataset, or MCP server, depending on their category. To apply access restrictions to these entities, you must configure the appropriate entity class settings.
- Configure an entity type by using the GRC: Entity Based Access application. For more information, refer to Configure an entity type for a linked object.
- Set access restrictions for existing records in bulk by using the entity-based record access update utility guided experience. For more information, refer to Set access restrictions using an entity based record access update utility.
- Configure entity-based record access rules on record types to apply access restrictions to new records automatically. For more information, refer to Configure entity-based record access rules. Note: Three records are provided by default, each with specific field configurations. The AI Asset record (sn_grc_ai_gov_ai_system) includes Analyst and Business owner as user fields, and Analyst Group as a group field. For AI Asset task (sn_grc_ai_gov_ai_system_task), you can find Assigned to and Watch list as user fields. The Related Entity record (sn_grc_ai_gov_ai_system_entity_map) doesn't have any user or group fields configured by default.
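The following is an added illustrative model of the access decision described above (entities visible to everyone, linked records restricted by entity authorization plus the configured user and group fields, and a per-table property that switches the restriction on or off). It is not the GRC: Entity Based Access application's own code. The user and group field keys mirror the default rule labels from the note above but are not the tables' actual column names; the users, entities, and records are constructed sample data, and the rule that entity authorization or a matching user/group field grants read access is an assumption made for the example.

```javascript
// Illustrative model of entity-based record access (added example, not
// the application's own logic). Assumptions: a linked record is readable
// when entity-based access is disabled for its table, when the user is
// authorized for the record's entity, when the user appears in one of the
// rule's user fields, or when the user belongs to a group named in one of
// its group fields. Entities themselves are always readable.

// Per-table on/off switch, modelling the Entity Based Access properties.
const EBA_PROPERTIES = {
  sn_grc_ai_gov_ai_system: true,
  sn_grc_ai_gov_ai_system_task: true,
  sn_grc_ai_gov_ai_system_entity_map: true,
};

// Default record access rules from the page; field keys are illustrative
// labels, not real column names.
const ACCESS_RULES = {
  sn_grc_ai_gov_ai_system: {
    userFields: ["Analyst", "Business owner"],
    groupFields: ["Analyst Group"],
  },
  sn_grc_ai_gov_ai_system_task: {
    userFields: ["Assigned to", "Watch list"],
    groupFields: [],
  },
  sn_grc_ai_gov_ai_system_entity_map: { userFields: [], groupFields: [] },
};

// Constructed sample users: group memberships and authorized entities.
const USERS = {
  alice: { id: "alice", groups: ["ai_analysts"], entities: ["finance"] },
  bob: { id: "bob", groups: [], entities: [] },
  carol: { id: "carol", groups: [], entities: ["hr"] },
};

// Constructed sample records; list fields (Watch list) hold arrays.
const RECORDS = [
  { id: "ENT-finance", table: "entity", entity: "finance" },
  { id: "ENT-hr", table: "entity", entity: "hr" },
  { id: "AIS-1", table: "sn_grc_ai_gov_ai_system", entity: "finance",
    "Business owner": "bob", "Analyst Group": "ai_analysts" },
  { id: "AIS-2", table: "sn_grc_ai_gov_ai_system", entity: "hr", Analyst: "dave" },
  { id: "TASK-1", table: "sn_grc_ai_gov_ai_system_task", entity: "hr",
    "Assigned to": "carol", "Watch list": ["bob"] },
  { id: "MAP-1", table: "sn_grc_ai_gov_ai_system_entity_map", entity: "hr" },
];

// Normalise a field to an array so single-value and list fields are treated alike.
function valuesOf(record, field) {
  const v = record[field];
  if (v === undefined || v === null) return [];
  return Array.isArray(v) ? v : [v];
}

// Decide whether one user may read one record under the model above.
function canReadRecord(user, record, properties = EBA_PROPERTIES) {
  if (record.table === "entity") return true;        // entities stay visible to all
  if (!properties[record.table]) return true;        // restriction switched off
  const rule = ACCESS_RULES[record.table] || { userFields: [], groupFields: [] };
  if (record.entity && user.entities.includes(record.entity)) return true;
  for (const f of rule.userFields) {
    if (valuesOf(record, f).includes(user.id)) return true;
  }
  for (const f of rule.groupFields) {
    if (valuesOf(record, f).some((g) => user.groups.includes(g))) return true;
  }
  return false;                                      // default deny
}

// Ids of the records a user would see in a list view.
function visibleRecords(user, records = RECORDS, properties = EBA_PROPERTIES) {
  return records.filter((r) => canReadRecord(user, r, properties)).map((r) => r.id);
}

for (const u of Object.values(USERS)) {
  console.log(u.id, "sees", visibleRecords(u).join(", "));
}
```

Running the block shows that carol, authorized for the hr entity, sees every hr-linked record including the entity map record that has no user or group fields, while bob sees only the records that name him directly; disabling the property for a table makes its records visible to everyone, which is why the properties step precedes the rule configuration.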