Policy-based access control
Policies are managed by the data owner. They set out which entities are entitled to access the data within the associated data cell. Different data actions can have different access policies associated to them. The policies can also be used to implement delegation. Other entities might be designed to manage the owner's cell, if desired. In this case, the policy restricts what the managing entity can do with the owner's data.