Purposes provide ways to interact with tagged assets. They address two main objectives:
- Grouping assets together in ways they may be used by many teams — for example, by project or domain
- Controlling access to very granular, typically sensitive data
When defining a purpose, you choose its tags. Atlan then considers all assets with at least one of those tags as part of the purpose.
Asset curation by domain
One way you can use purposes is to curate assets. In this approach, the purpose's tag tends to be a domain. For example, this could be a project or an area of your organization's business.
Through the purpose, you can grant permissions to assets with that tag.
Granular data protection
The other way you can use purposes is to enforce granular data protection. In this approach, the purpose's tag tends to be some level of information sensitivity. For example, this could be personally-identifiable information (PII) or confidential internal financial metrics.
These sensitivity tags will tend to be against granular data assets — often columns. Personas tend to control permissions at a broader level, for example entire data sources, databases or schemas. Through these more granular tags, purposes give you more fine-grained control. And you can layer this on top of the permissions granted by personas.
For example, you might grant permission to preview and query a database to a group of users through a persona. But you don't want those users to be able to see any PII data — specific columns — wherever they appear in the database. There could be hundreds of these columns, scattered across thousands of tables. By tagging the columns, you can restrict access to them through a single policy in a purpose. This way you don't need to maintain many separate per-column policies through a persona.