What are purposes?

Have more questions? Submit a request

Purposes provide ways to interact with classified assets. They address two main objectives:

  • Grouping assets together in ways they may be used by many teams, for example by project or domain
  • Controlling access to very granular, typically sensitive data

When defining a purpose, you choose its classifications. Atlan then considers all assets with at least one of those classifications as part of the purpose.

💪 Did you know? Think of purposes as a way of further protecting particularly sensitive data. Even if a user can see data in a table, you may not want them to see one or two sensitive columns within that table.

Asset curation by domain

One way you can use purposes is to curate assets. In this approach, the purpose's classification tends to be a domain. For example, this could be a project or an area of your organization's business.

Through the purpose, you can grant permissions to assets with that classification.

💪 Did you know? With purposes, any future assets given a classification will gain the same permissions — no policy changes needed.

Granular data protection

The other way you can use purposes is to enforce granular data protection. In this approach, the purpose's classification tends to be some level of information sensitivity. For example, this could be personally-identifiable information (PII) or confidential internal financial metrics.

These sensitivity classifications will tend to be against granular data assets — often columns. Personas tend to control permissions at a broader level, for example entire data sources, databases or schemas. Through these more granular classifications, purposes give you more fine-grained control. And you can layer this on top of the permissions granted by personas.

For example, you might grant permission to preview and query a database to a group of users through a persona. But you don't want those users to be able to see any PII data — specific columns — wherever they appear in the database. There could be hundreds of these columns, scattered across thousands of tables. By classifying the columns, you can restrict access to them through a single policy in a purpose. This way you don't need to maintain many separate per-column policies through a persona.

Related articles

Was this article helpful?
0 out of 0 found this helpful