Why It Matters?
PII data is a target in almost all attacks that end in ransomware; the resulting breach brings loss of brand value and leaks sensitive data that is then used for identity theft.
What Exactly Does This Policy Do?
This policy explicitly denies access to any database holding PII data unless the requesting user holds one of the pre-approved roles; every other request is refused. It is also an example of implementing role-based access control (RBAC) as a fine-grained authorization policy.
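The following is an added illustration of such a default-deny, role-based check, not the policy's own code; the database inventory, the `pii` tag and the approved role names are constructed assumptions:

```python
"""Added example (not the page's own policy code): a default-deny,
role-based authorization check for databases tagged as holding PII.
Database names, tags and role names below are constructed sample data."""
from dataclasses import dataclass

# Constructed inventory: which databases are tagged as holding PII.
DATABASE_TAGS = {
    "customers_db": {"pii"},
    "orders_db": {"pii"},
    "metrics_db": set(),
}

# Constructed allow-list of roles that may access PII-tagged databases.
PII_APPROVED_ROLES = {"privacy-officer", "support-tier2"}


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str  # human-readable reason, suitable for an audit log


def authorize_db_access(user_roles, database):
    """Return a Decision for a request to access `database`.

    Default-deny: an unknown database, a missing role set, or a PII
    database requested without an approved role all produce a deny.
    Role comparison is exact (case-sensitive), so 'Privacy-Officer'
    does not accidentally match 'privacy-officer'."""
    tags = DATABASE_TAGS.get(database)
    if tags is None:
        return Decision(False, f"unknown database {database!r}: default deny")
    roles = set(user_roles or ())
    if "pii" not in tags:
        return Decision(True, f"{database} is not tagged pii")
    matched = roles & PII_APPROVED_ROLES
    if matched:
        return Decision(True, f"pii access via approved role {sorted(matched)[0]}")
    return Decision(False, f"{database} holds pii and none of {sorted(roles)} is pre-approved")


if __name__ == "__main__":
    requests = [({"analyst"}, "customers_db"), ({"privacy-officer"}, "customers_db"),
                ({"analyst"}, "metrics_db"), ({"analyst"}, "hr_db")]
    for roles, db in requests:
        d = authorize_db_access(roles, db)
        print("ALLOW" if d.allow else "DENY", db, "-", d.reason)
```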