Technologies are disclosed herein for secure data access. A client device accesses a slice of data using a ticket retrieved from a permissioned blockchain. To obtain the ticket, the client device submits ticket requests to multiple nodes of the permissioned blockchain. Each request identifies the slice of data, e.g. a particular row in a particular database table. Each request also includes parameters describing the circumstances of the request, such as the requesting user account, the geographic location of the computing device, etc. The permissioned blockchain stores each authorized combination of request parameters and data slices in a different access level block. If an access level block can be found that is associated with the requested slice of data and with all of the supplied parameters, and if that access level block grants permission, then the requested ticket is returned to the client device.