Article
Enhancing data security by implementing granular access control
Who you gonna call? Bytebusters!
A few weeks ago, we had the pleasure of participating in an exciting two-day hackathon with our colleagues from i8c, Integration Designers and Archers. We knew we were in for an exciting challenge. Organized by CornerBriX, this hackathon provided us with valuable lessons and knowledge that we are eager to share with you. Let’s dive into the details of one of the challenges we faced. We’re sharing the insights of three of our teams. First up, team Bytebusters…
Exploring innovative technology
Starting the hackathon, we faced a significant challenge: finding a way to enhance data security by implementing granular access control. Granular access control means regulating access to data and resources on a per-user or per-group basis, an important topic in today’s digital landscape. Our objective was to categorize data into different security levels and to use these levels to filter and present data to internal and external users, while ensuring its encryption and security. Intrigued by this opportunity, we immediately began brainstorming. Being Integration.team and having an Integration.team mindset, we wanted to complete this challenge using only out-of-the-box Microsoft technology.
Trial, error, perfect match
To arrive at a solution, we first analyzed what our end goal should be and experimented with ‘Microsoft Purview’. We quickly realized that this approach did not provide the desired outcome. Although the service allowed data categorization, there was no way to consume the categorized data. It was time to put our heads together again.
After a good brainstorm, we came up with the final solution. It can be visualized in this schema. Our team chose to use Azure AD B2C as the main authentication portal. This would allow external as well as internal users to log in and access data. After securing this, we developed a web portal with .NET Blazor. This user interface served as a gateway to our on-premises database server and documentation file server. The web portal authenticated users through B2C and then used API calls, exposed through Azure API Management, to retrieve and present data and documents to the end user.
If the user requested data through the API, a validation happened on the backend SQL server. Only data with the same classification level as the user’s would be returned. To classify the data, our team used the out-of-the-box SQL Data Classification functionality of SQL Server itself. To maintain the user’s classification level, we decided to store it as a user-defined claim in Azure AD B2C. Because of this, a security admin would be able to control which data is displayed to a user without any code changes.
To actually retrieve a document, we created a custom encryption mechanism, built with an Azure Function and a Logic App, that encrypted the document and then sent it to the user for viewing. The end user would only have 5 minutes to decrypt and view it. As a final touch, we ensured GDPR compliance by storing access logs for every user who accessed the data and the documents.
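To make the data-side filtering concrete, here is an added example (not the team's own code) of how SQL Server's built-in sensitivity classification can drive the "same level only" check described above. The table, labels and procedure name are constructed for illustration; the assumption is that the API passes the classification level from the user's B2C claim as the procedure parameter and that matching is exact, as the post describes.

```sql
-- Constructed sample table; the hackathon schema itself is not on the page.
CREATE TABLE dbo.Customers (
    CustomerId INT           NOT NULL PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(200) NOT NULL,
    IBAN       NVARCHAR(34)  NULL
);

-- Out-of-the-box SQL Data Classification: labels are catalog metadata,
-- so a security admin can relabel columns without touching application code.
ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.FullName
    WITH (LABEL = 'General', INFORMATION_TYPE = 'Name', RANK = LOW);
ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.Email
    WITH (LABEL = 'Confidential', INFORMATION_TYPE = 'Contact Info', RANK = MEDIUM);
ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.IBAN
    WITH (LABEL = 'Highly Confidential', INFORMATION_TYPE = 'Financial', RANK = HIGH);
GO

-- Called by the API with the level taken from the caller's B2C claim.
-- Only columns whose label equals that level are selected; other columns are
-- never named in the statement, so they cannot end up in the result set.
CREATE OR ALTER PROCEDURE dbo.GetCustomersForLevel @UserLevel sysname
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @cols NVARCHAR(MAX);
    SELECT @cols = STRING_AGG(QUOTENAME(c.name), N', ')
    FROM sys.sensitivity_classifications AS sc
    JOIN sys.columns AS c
        ON c.object_id = sc.major_id AND c.column_id = sc.minor_id
    WHERE sc.major_id = OBJECT_ID(N'dbo.Customers')
      AND sc.label = @UserLevel;

    -- No column carries the caller's label: return the key column only, no rows.
    IF @cols IS NULL
    BEGIN
        SELECT CustomerId FROM dbo.Customers WHERE 1 = 0;
        RETURN;
    END;

    -- Column names come from the catalog via QUOTENAME, not from user input,
    -- so the dynamic statement cannot be steered by the caller.
    DECLARE @sql NVARCHAR(MAX) = N'SELECT CustomerId, ' + @cols + N' FROM dbo.Customers;';
    EXEC sys.sp_executesql @sql;
END;
GO

-- A user whose claim reads 'Confidential' receives CustomerId and Email only.
EXEC dbo.GetCustomersForLevel @UserLevel = N'Confidential';
```

Requires SQL Server 2019 or Azure SQL Database for ADD SENSITIVITY CLASSIFICATION; the same catalog view can also be queried by the API to decide which columns to show in the Blazor UI.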

Integration.team-work
The hackathon presented us with a great challenge, but it was a rewarding experience from start to finish. We took great pleasure in finding a solution that used exclusively out-of-the-box Microsoft technology, despite some trial-and-error moments along the way. Through effective collaboration, we successfully created a suitable and innovative solution.
The CornerBriX hackathon taught us the importance of exploring cutting-edge technology and persisting through challenges as a team. We are excited to share our newfound knowledge with you and look forward to further opportunities for innovation in the future!
– Team Bytebusters (Tiago Costa, Hannelore Peeters, Axel Van Uffelen, Jochen Toelen)