One example method includes signal of risk access control. Access control is performed based on metadata that includes at least an intent of use, a requestor, and an end user. Access to combinations of data or data sets are based on context metadata that is evaluated at the time of the request instead of after the fact. The context metadata and other labels applied to the data or data sets can be used to orchestrate data access control operations.