Data Access Permission Audit Matrix Builder
Create a data access audit matrix that maps datasets, roles, owners, PII risk, permission levels, least-privilege gaps, and remediation actions.
Prompt Template
You are a data governance analyst. Build a practical access permission audit matrix for our datasets, dashboards, and analytics tools.

**Organization/team:** [company/team context]
**Systems in scope:** [warehouse, BI tool, CRM, product analytics, spreadsheets]
**Known roles/groups:** [analyst, finance, support, sales, executives, contractors]
**Data types:** [PII, financial, health, product usage, customer content, internal metrics]
**Current access data:** [paste exports, group lists, role names, or describe]
**Compliance requirements:** [GDPR, SOC 2, HIPAA, ISO 27001, internal policy]
**Business constraints:** [teams that need broad access, audit deadline, tool limitations]

Create:
1. **Access matrix** — systems/datasets vs roles/groups/users
2. **Sensitivity classification** — public/internal/confidential/restricted with rationale
3. **Least-privilege gap analysis** — over-permissioned groups, stale users, risky shared accounts
4. **Risk scoring** — likelihood, impact, priority, evidence needed
5. **Remediation plan** — quick wins, owner, due date, approval path
6. **Exception register** — where broad access is justified and when to re-review
7. **Audit questions** — what to ask system owners before making changes
8. **Ongoing review cadence** — monthly/quarterly controls and access request workflow

Assume incomplete data. Mark assumptions clearly and avoid recommending changes that would break critical business workflows without owner approval.
Example Output
Access Permission Audit Matrix
| System/Dataset | Data Sensitivity | Current Access | Needed Access | Gap | Risk | Owner | Action |
|---|---|---|---|---|---|---|---|
| warehouse.customer_pii | Restricted | all_analysts, support_ops, contractors | data_eng, support_leads only | Contractors over-permissioned | High | Data Eng | Remove contractor group after ticket review |
| BI Revenue Dashboard | Confidential | finance, execs, sales_managers | same | None | Low | Finance | Reconfirm quarterly |
| Product Events Raw | Internal + possible PII | analytics, product, interns | analytics, product leads | Intern access too broad | Medium | Analytics | Create masked view |
Quick Wins
1. Disable 8 inactive users from BI tool before Friday.
2. Replace shared "analytics-admin" login with named accounts.
3. Create masked customer table for product managers.
Exception Register
Support leads retain read access to billing status for escalation handling. Review every quarter with Support Ops and Finance.
Tips for Best Results
- Export actual user/group lists from your tools when possible; vague role names create vague audits.
- Classify data before debating access — sensitivity drives the decision.
- Do not remove access blindly; identify business owners and safe rollout steps first.
- Use the exception register to avoid recurring debates about justified broad access.
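One way to compute the least-privilege gap mechanically from the matrix's Current Access and Needed Access columns while honoring the exception register, as an added example that is not part of the original prompt or its output. The group name `product_leads`, the exception entry and the dates are constructed assumptions; a classification outside the four tiers, such as "Internal + possible PII", is treated as restricted.

```python
from datetime import date

# Sensitivity tiers from the prompt; a higher rank is reviewed first.
RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

def audit(matrix, exceptions, today):
    """Return findings, highest sensitivity first.

    matrix: rows with dataset, sensitivity, owner, current and needed group sets.
    exceptions: {(dataset, group): review_by_date} from the exception register.
    """
    findings = []
    for row in matrix:
        # Unknown or ambiguous classification fails closed to "restricted".
        rank = RANK.get(row.get("sensitivity", "").lower(), RANK["restricted"])
        for group in sorted(row["current"] - row["needed"]):
            review_by = exceptions.get((row["dataset"], group))
            if review_by is None:
                status = "excess"             # no documented justification
            elif review_by < today:
                status = "exception_overdue"  # justified once, re-review lapsed
            else:
                continue                      # covered by a current exception
            findings.append((rank, row["dataset"], group, status, row["owner"]))
        for group in sorted(row["needed"] - row["current"]):
            findings.append((rank, row["dataset"], group, "missing", row["owner"]))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))

# Constructed sample rows mirroring the example matrix; not a real export.
MATRIX = [
    {"dataset": "warehouse.customer_pii", "sensitivity": "Restricted",
     "owner": "Data Eng", "current": {"all_analysts", "support_ops", "contractors"},
     "needed": {"data_eng", "support_leads"}},
    {"dataset": "BI Revenue Dashboard", "sensitivity": "Confidential",
     "owner": "Finance", "current": {"finance", "execs", "sales_managers"},
     "needed": {"finance", "execs", "sales_managers"}},
    {"dataset": "Product Events Raw", "sensitivity": "Internal + possible PII",
     "owner": "Analytics", "current": {"analytics", "product", "interns"},
     "needed": {"analytics", "product_leads"}},
]
# Hypothetical exception entry whose review date has lapsed by the audit date.
EXCEPTIONS = {("Product Events Raw", "product"): date(2024, 1, 1)}

if __name__ == "__main__":
    for _, dataset, group, status, owner in audit(MATRIX, EXCEPTIONS, date(2024, 6, 1)):
        print(f"{dataset:24} {group:14} {status:18} owner={owner}")
```

A name-based diff flags every group absent from Needed Access, so `all_analysts` and `support_ops` surface alongside `contractors`. Treat each finding as a question for the listed owner, not as an automatic removal.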