Data access governance for AI agents: what IAM teams should change

TL;DR: Access bottlenecks are slowing analytics and AI initiatives because traditional IAM tools were built for application access, not granular data governance, according to Collibra. The real issue is that manual, ticket-based controls cannot keep pace with governed self-service access for humans and AI agents.

NHIMG editorial — what this means for AI and NHI governance

By the numbers:

• 92% of data consumers at banks stated that the data they need is often unavailable or takes too long to be made available.

Questions worth separating out

Q: How should security teams govern access to sensitive data across multiple platforms?

A: Security teams should define a single entitlement model that covers the data layer, not just the application layer.

Q: Why do traditional IAM tools struggle with data access governance?

A: Traditional IAM tools were designed primarily for application access, where the main decision is whether a user can sign in and reach a system.

Q: When should organisations automate data access instead of using tickets?

A: Organisations should automate access when the request is recurring, low-risk, and policy-driven, such as standard analyst access or repeat AI consumption patterns.

Practitioner guidance

• Map data access controls separately from application IAM Document where database, schema, table, and column decisions are made today, then identify which of those decisions are still being handled outside the identity programme.
• Standardise masking rules for sensitive fields Define which fields must be masked by default, who can override masking, and how exceptions are approved and reviewed.
• Replace ticket-driven provisioning for repeat access patterns Identify recurring access requests for analysts, data engineers, and AI consumers, then convert them into policy-based entitlements with audit trails.

What's in the full announcement

Collibra's full blog post covers the operational detail this post intentionally leaves for the source:

• Preview-specific platform coverage for Snowflake, Databricks, and BigQuery access handling
• Implementation detail on the Edge connector, agent, and polling-based integration model
• Role-by-role examples showing how data governance leads, architects, and platform teams use the preview
• The product team's own explanation of how unified metadata and policy enforcement are packaged in the release

👉 Read Collibra's analysis of governed data access for AI and analytics →

Data access governance for AI agents: what IAM teams should change?

Explore further

View Full Forum →  |  NHI Foundation Course →