Digital Transformation
Deployed an AI-powered RBAC orchestration platform leveraging Databricks Unity Catalog, Lakehouse Federation, Agentic AI, and Databricks Genie to create a seamless, automated role synchronization and enforcement system. The solution establishes Salesforce as the single source of truth for user identities and roles, then automatically propagates and enforces these permissions through intelligent, semantic-layer-backed secure views in Databricks, ultimately delivering role-isolated natural language analytics through Genie without manual intervention.
Key Solution
Semantic Layer-Backed Role-Aware Views
Built a Unity Catalog–driven semantic layer that virtualizes enterprise data into role-aware secure views, abstracting complex underlying Lakehouse structures into business-friendly constructs such as regions, teams, customer segments, and opportunity pipelines. These semantic views serve as the system of record for all Genie AI queries, ensuring consistent, governed, and auditable data access. The semantic layer applies field-level and row-level security rules based on user context, automatically masking sensitive attributes and filtering datasets according to hierarchical role permissions, without exposing underlying implementation details.
Lakehouse Federation for Real-Time Role Synchronization
Implemented Databricks Lakehouse Federation to create a logical bridge between the identity platform and Databricks, enabling real-time synchronization of roles, permissions, profiles, and organizational hierarchies into the Lakehouse governance layer. When role changes occur—promotions, transfers, permission updates—Federation automatically detects and propagates these changes into Unity Catalog, eliminating manual intervention and ensuring role definitions remain consistent across platforms. This continuous synchronization ensures that Genie and downstream analytics always operate on the latest approved access policies, even as the organization evolves.

Implemented document intelligence capabilities using chunking, embeddings, and vector search so enterprise knowledge stored in documents can be searched and surfaced alongside structured analytics. This allows the platform to respond to questions that require both numerical performance signals and narrative or policy context from unstructured sources. As a result, stakeholders are no longer forced to choose between analytics tools and document repositories when trying to make informed decisions.
Deterministic RBAC Enforcement in the Semantic Layer
Designed a policy-driven enforcement layer within Unity Catalog and the semantic model that centralizes all access logic in one place instead of scattering it across tools. At query time, user context (role, organizational unit, managerial relationships, and granted permissions) is resolved and applied directly within the governed views. This guarantees that field-level masking, row-level filtering, and visibility rules are consistently enforced for every query, regardless of how users access data (SQL, Genie, or APIs), while the exact policy implementation stays opaque to the consumer and is not spelled out in this use case narrative.
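To make the role-aware view pattern from the semantic layer section and the enforcement section above concrete, here is an added illustration in Databricks SQL. It is not the platform's own code: the catalog, schema and table names (`sales.governance.user_roles`, `sales.raw.opportunities`, `sales.semantic.opportunity_pipeline`), the role names (`rep`, `manager`, `finance`) and the group `finance_analysts` are all constructed for the example. The built-in functions `current_user()` and `is_account_group_member()` are real Unity Catalog functions that evaluate against the querying user at view execution time, which is what makes a single view definition role-aware.

```sql
-- Added example of a role-aware secure view in Databricks SQL / Unity Catalog.
-- All object and role names below are constructed for illustration.

-- Identity and role facts as synced from the identity platform (constructed schema).
CREATE TABLE IF NOT EXISTS sales.governance.user_roles (
  user_email    STRING,
  role          STRING,        -- 'rep', 'manager' or 'finance'
  region        STRING,
  manager_email STRING
);

-- Raw fact table that end users are never granted access to directly.
CREATE TABLE IF NOT EXISTS sales.raw.opportunities (
  opp_id      STRING,
  owner_email STRING,
  region      STRING,
  stage       STRING,
  amount      DECIMAL(18, 2),
  close_qtr   STRING
);

-- Semantic view: the only object Genie, SQL and API consumers query.
CREATE OR REPLACE VIEW sales.semantic.opportunity_pipeline AS
WITH me AS (
  -- Resolve the caller's context once per query.
  SELECT user_email, role, region
  FROM sales.governance.user_roles
  WHERE user_email = current_user()
)
SELECT
  o.opp_id,
  o.region,
  o.stage,
  o.close_qtr,
  -- Field-level masking: exact amounts only for finance roles or group members.
  CASE
    WHEN me.role = 'finance' OR is_account_group_member('finance_analysts') THEN o.amount
    ELSE NULL
  END AS amount,
  -- Owner identity visible to the owner and to manager/finance roles only.
  CASE
    WHEN me.role IN ('manager', 'finance') OR o.owner_email = current_user() THEN o.owner_email
    ELSE 'redacted'
  END AS owner
FROM sales.raw.opportunities AS o
CROSS JOIN me
WHERE
  -- Row-level filtering by hierarchical role:
  -- a rep sees only their own opportunities,
  (me.role = 'rep' AND o.owner_email = current_user())
  -- a manager sees their own plus their direct reports',
  OR (me.role = 'manager' AND o.owner_email IN (
        SELECT user_email FROM sales.governance.user_roles
        WHERE manager_email = current_user() OR user_email = current_user()))
  -- finance sees every opportunity in its own region.
  OR (me.role = 'finance' AND o.region = me.region);

-- Least privilege: consumers get SELECT on the view only, never on the raw table.
GRANT SELECT ON VIEW sales.semantic.opportunity_pipeline TO `sales_users`;
```

Two properties of this shape are worth checking in any deployment. First, the `CROSS JOIN me` fails closed: a caller with no row in the synced role table matches nothing and gets an empty result rather than unfiltered data, so a lag in role synchronization cannot widen access. Second, in Unity Catalog a view runs with its owner's privileges on the underlying tables, so the view owner needs SELECT on `sales.raw.opportunities` while consumers need only the grant on the view; auditing who owns the governed views is therefore part of auditing the policy. Unity Catalog's native row filter and column mask features can express the same policy on the table itself, which is preferable when the same rules must hold for every view built over it.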
Databricks Genie with Built-in RBAC Isolation
Integrated Databricks Genie AI/BI chatbot as the natural language interface, enabling users to ask questions such as “Show me Q4 performance for my region” or “List the top opportunities I own this quarter.” Genie is configured to query only the governed semantic views, never raw tables, so every response is automatically filtered to the user’s authorized scope based on their role and organizational context. A manager, for example, sees rolled-up insights across their team, while an individual contributor sees only their own book of business—enforced consistently across all Genie interactions without exposing schema details.
Unified Audit and Compliance Observability
Implemented an integrated audit framework that combines Databricks’ native governance logs with RBAC orchestration events to provide an end-to-end view of who accessed what, when, and under which role context. Every Genie query and every governed view access is captured with user identity, time, policy context, and high-level query intent, enabling auditors to ask questions such as “Who accessed sensitive financial attributes last quarter?” without needing to understand internal table or view names. This unified observability layer supports regulatory requirements around traceability and least-privilege access while remaining implementation-agnostic in external documentation.
Business Benefits
• 65% reduction in RBAC synchronization time through automated Lakehouse Federation eliminating manual role updates across Salesforce and Databricks.
• 50% decrease in unauthorized data access incidents due to semantic-layer-backed role-aware views preventing role misalignment vulnerabilities.
• 80% reduction in manual IT/security team effort for user provisioning, role updates, and access control management through end-to-end automation.
• 90% elimination of role duplication and inconsistency by establishing Salesforce as single source of truth with real-time propagation to Databricks.
• Enhanced user productivity through natural language analytics via Genie while maintaining field-level and row-level security enforcement.
• Scalable, enterprise-grade RBAC framework supporting thousands of users across multiple business units with complex hierarchical permission inheritance.