Purposes provide ways to interact with classified assets. They address two main objectives:
- Grouping assets together in ways they may be used by many teams, for example by project or domain
- Controlling access to very granular, typically sensitive data
When defining a purpose, you choose its classifications. Atlan then considers all assets with at least one of those classifications as part of the purpose.
Asset curation by domain
One way you can use purposes is to curate assets. In this approach, the purpose's classification tends to be a domain. For example, this could be a project or an area of your organization's business.
Through the purpose, you can grant permissions to assets with that classification.
Granular data protection
The other way you can use purposes is to enforce granular data protection. In this approach, the purpose's classification tends to be some level of information sensitivity. For example, this could be personally-identifiable information (PII) or confidential internal financial metrics.
These sensitivity classifications will tend to be against granular data assets — often columns. Personas tend to control permissions at a broader level, for example entire data sources, databases or schemas. Through these more granular classifications, purposes give you more fine-grained control. And you can layer this on top of the permissions granted by personas.
For example, you might grant permission to preview and query a database to a group of users through a persona. But you don't want those users to be able to see any PII data — specific columns — wherever they appear in the database. There could be hundreds of these columns, scattered across thousands of tables. By classifying the columns, you can restrict access to them through a single policy in a purpose. This way you don't need to maintain many separate per-column policies through a persona.