You can streamline your data governance requirements in Atlan with governance workflows and manage alerts, approvals, and tasks using the inbox. Governance workflows enable you to set up robust controls on data access management, metadata enrichment, new entity creation, and more, with out-of-the-box workflow templates and automated execution.
For example, instead of allowing your users to directly query data or update the certification status of an asset, you can specify assets that require advanced controls and create governance workflows to govern them. These workflows will run in the background, ensure that all required approvals are in place, and only then approve users with appropriate permissions to perform any action.
You can use governance workflows to ensure:
- Risk mitigation - determine how data is used and shared in your organization with automated access policies.
- Data security - manage requests for data access and processing to only allow access to authorized individuals or teams.
- Metadata change management - monitor and audit metadata changes to align with established organizational standards.
- New entity creation - manage and audit documentation of business context such as glossaries and tags to align with established organizational standards.
- Policy compliance - set up repeatable processes and approval flows for your data assets in Atlan to adhere to regulatory requirements (currently only applicable if you have also enabled the policy center module).
Workflow properties
A common set of properties applies to all governance workflows in Atlan:
- Only an admin user can create, update, or delete governance workflows.
- Out-of-the-box workflow templates.
- Predefined steps based on workflow selection.
- Must be associated with an asset type or action.
- Set up auto-approval rules for users, groups, or owners based on metadata attributes and policies.
- Activity logs for all workflows available by default.
- Visibility into the transition states of a workflow.
- Overlapping workflows - governance workflows provide you with the flexibility of creating workflows per team or business domain on the same set of assets instead of creating one complex workflow to cover all your use cases. Atlan will handle all the complexities, only allowing approvals to go through once all approval conditions have been met.
Workflow templates
You can choose from the following workflow templates to govern your assets and manage access:
Change management
This template allows you to control changes to metadata within your organization's data management and governance framework. Use cases include requests to:
- Add, update, and remove descriptions manually and using Atlan AI
- Add, update, and remove certificates
- Add, update, and remove an alias
- Link and remove terms from asset profile
- Add, update, and remove owners
- Attach, update, and remove tags
- Add, update, and remove custom metadata
- Add, update, and remove domains
- Add, update, and remove READMEs
- Add, update, and remove announcements
- Update and archive glossaries, categories, and terms
- Move terms and categories
Change management workflows will override any permissions assigned through user roles or access policies. For example, even for users with edit access, metadata update requests will go through change management workflows.
If there are no change management workflows in place, then users with edit access will be able to update metadata while users without edit access will only be able to suggest changes to metadata.
New entity creation
This template allows you to control the creation and publication of new glossaries, categories, terms, and tags in Atlan. The new entity creation workflow will override existing glossary policies and user role permissions to create new entities.
Whether you are an admin or a member user in Atlan, the existence of a new entity creation workflow means you will need to submit a request for creating new entities. Guest users are not allowed to directly create or suggest the creation of glossaries, categories, terms, and tags.
Data access approval
This template allows you to automate the process of requesting, approving, and revoking access to data assets in Atlan. It combines a self-service approach with mandated human intervention for approval. Use cases include requests to query data or view sample data.
- Access in Atlan - allow requesters to request data access for querying data in Insights and previewing sample data within Atlan only.
- Access everywhere using Jira - allow requesters to request data access for any tool. Atlan will create a support ticket in Jira Cloud for your team to grant data access and display the status of your request in Atlan. You will need to:
  - Integrate Jira Cloud and Atlan.
  - Link your individual Jira Cloud account to Atlan.
  - Install or register a webhook.
  - Create a data access approval workflow to enable access everywhere using Jira.
  - Add a Jira project and issue type and specify an issue status while creating the data access workflow.
  - Your users will be granted access once the request is approved in Jira.
You can also revoke data access in Atlan or other data sources.
Policy approval
You will need to enable the policy center module to use the policy approval workflow template.
This template allows you to automate approvals for your data governance policies in Atlan. Automated policy approval workflows can help you streamline the approval process, facilitate compliance with regulatory standards, and simplify data governance for your organization.
Use cases include requests to:
- Create new policies
- Revise existing policies
Enable governance workflows and inbox
To enable governance workflows and inbox for your Atlan users:
- From the left menu of any screen in Atlan, click Admin.
- Under the Workspace heading, click Labs.
- On the Labs page, under Preview features, turn on Governance Workflows and Inbox to govern your assets and manage alerts, approvals, and tasks in Atlan more effectively.
If you'd like to disable the Governance Workflows and Inbox module from your organization's Atlan workspace, follow the steps above to turn it off.
Once enabled, you can also temporarily disable the module and turn it on again as needed. Disabling it will not result in any data loss for governance workflows you have created or for existing requests.
Interactions with existing access control mechanisms
Once you have turned on governance workflows and inbox, the module will interact with existing access control mechanisms in Atlan as follows:
- Requests: Atlan will channel requests and approvals through governance workflows and land them in the inbox.
  - New requests - once you have enabled governance workflows and inbox, the requests widget will be replaced by an inbox and your member and guest users will not be able to raise any new requests until an admin user has created at least one governance workflow. To enable your member and guest users to raise new requests in Atlan:
    - Create a change management governance workflow.
    - Select all connections present in your Atlan workspace.
    - Skip auto-approval.
    - Select Anyone approves and list the users or groups designated as your Atlan admins.
    - Publish your first governance workflow! Once published, this comprehensive workflow will allow your member and guest users to raise requests. Now you can focus on creating more use-case-driven workflows and consequently removing governed assets from the first workflow until you no longer need it.
  - Existing requests - only admin users can take action on existing requests from the requests center. Your member and guest users will only be able to raise new requests on governed assets.
- Personas and purposes:
  - Metadata policies - your users must have read access to an asset for triggering governance workflows. If an asset is governed by a governance workflow, your users will be able to raise a request on that asset regardless of all allow/deny permissions in metadata policies.
  - Data policies:
    - No data policy exists - if the workflow connection allows querying and previewing sample data but a data policy has not been configured, your users will be able to raise a data access request on governed assets in the connection.
    - Data policy with explicit restrictions - if an existing data policy denies querying and previewing sample data and assets are governed by a governance workflow, your users will not be able to raise a data access request on governed assets in the connection.
    - Data policy with explicit grants - if an existing data policy allows querying and previewing sample data and assets are governed by a governance workflow, your users will be able to raise a data access request on governed assets in the connection.
  - Glossary policies - if an asset (glossaries, categories, and terms) is governed by a governance workflow, your users will be able to raise a request on that asset regardless of all allow/deny permissions in glossary policies.
  - Domain policies - governance workflows are currently not applicable to domain policies.
- User roles - if an asset is governed by a governance workflow, your users will be able to raise a request on that asset regardless of their role or permissions. For any asset not governed by a governance workflow, default role permissions will apply.
- Connection admins - if an asset is governed by a governance workflow, connection admins will have to go through the approval process for governed assets in the connection.
- Governance workflows will currently not be triggered for the following actions:
  - Add associated terms
  - Add, update, and remove categories for terms from term profile
  - Add, update, and remove resources
  - Add a README to a term using Atlan AI
  - Link and remove terms from term profile
  - Bulk updates through spreadsheet tools
  - Bulk updates using playbooks
  - Bulk updates using Atlan AI
  - Bulk updates through API, SDK, and CLI operations
  - Metadata updates in supported tools using Atlan browser extension