Access Grant with Structured Purpose
Access with a typed purpose and an expiry date. Not "just because".
Framework / standard: GDPR Art. 5(1)(b) · ISO/IEC 38505-1 (Authority)
A free-text access justification ("just because") makes purpose limitation indefensible. Linedat records every access grant with a typed purpose, a mandatory expiry and a revocation trail.
Closed-vocabulary purpose
The purpose is not free text: it is a closed vocabulary (analysis, reporting, quality assurance, incident investigation, integration, compliance audit, model training, operational support, regulatory reporting…). Reusing the data for another purpose requires a new grant.
Mandatory expiry and traceable revocation
Every grant has a mandatory expiry date and a revocation trail (who, when, why). It is an immutable authority record: it is not edited, it is revoked or it expires.
The limits (what we do not claim)
It is a defensible purpose record, NOT a runtime access gate: operational authorisation is still the user's role and groups; the grant does not yet block unauthorised access at runtime (follow-up). The "expired" status is read-time, not persisted.
How Linedat helps
Linedat materialises the GDPR purpose limitation principle as a defensible access record — typed purpose, expiry, revocation — ready for the DPO and the auditor.
Related capabilities
Authority is not imposed: it is delegated, the delegate accepts it, and it expires on its own.
3-Level RBAC with Separation of DutiesThe person who operates the data is not the person who governs it. By design.
RoPA: Record of Processing ActivitiesA RoPA that points to the real tables — not a disconnected spreadsheet.
