What are purposes?

Purposes provide ways to interact with tagged assets. They address two main objectives:

  • Grouping assets together in ways they may be used by many teams β€” for example, by project or domain
  • Controlling access to very granular, typically sensitive data

When defining a purpose, you choose its tags. Atlan then considers all assets with at least one of those tags as part of the purpose.

πŸ’ͺ Did you know? Think of purposes as a way of further protecting particularly sensitive data. Even if a user can see data in a table, you may not want them to see one or two sensitive columns within that table.

Asset curation by domain

One way you can use purposes is to curate assets. In this approach, the purpose's tag tends to be a domain. For example, this could be a project or an area of your organization's business.

Through the purpose, you can grant permissions to assets with that tag.

πŸ’ͺ Did you know? With purposes, any future assets given a tag will gain the same permissions β€” no policy changes needed.

Granular data protection

The other way you can use purposes is to enforce granular data protection. In this approach, the purpose's tag tends to be some level of information sensitivity. For example, this could be personally-identifiable information (PII) or confidential internal financial metrics.

These sensitivity tags will tend to be against granular data assets β€” often columns. Personas tend to control permissions at a broader level, for example entire data sources, databases or schemas. Through these more granular tags, purposes give you more fine-grained control. And you can layer this on top of the permissions granted by personas.

For example, you might grant permission to preview and query a database to a group of users through a persona. But you don't want those users to be able to see any PII data β€” specific columns β€” wherever they appear in the database. There could be hundreds of these columns, scattered across thousands of tables. By tagging the columns, you can restrict access to them through a single policy in a purpose. This way you don't need to maintain many separate per-column policies through a persona.

Related articles

Was this article helpful?
1 out of 1 found this helpful