A method of managing user access to data includes detecting that a user seeks access to a data portion that belongs to a specified category. One or more authorizations are evaluated, each authorization having an authorization segment corresponding to the specified category. The method includes permitting the sought access to the data portion if at least one of the authorization segments corresponding to the specified category identifies the data portion to which access is sought. The method may permit access to data that falls within a union of granted authorizations. An authorization segment may correspond to a data dimension or to a meta dimension, such as an authorized action or data source, that does not directly relate to a data dimension.