What are requests?

Requests allow users to suggest changes to assets that they cannot directly change themselves.

πŸ€“ Who can do this? Any user without edit access to an asset's metadata can request changes to an asset.

Let's break that down a little bit:

Examples

The key point to understand is the statement "where they have permission". As described in How do I control access to metadata and data? there are many options in Atlan to control these permissions.

So let's look at a few examples:

Connection admin permissions

In the simplest case, connection admins:

  • Have direct edit access to all assets in a connection
  • Both admin users and member users can be connection admins

Connection admins will generally not be able to suggest changes to assets in their connection, because they can make changes to them directly. (The only exception to this is described below β€” when the edit permission granted to connection admins by default is overridden by a policy that explicitly denies edit permissions.)

Policy-based permissions

You can grant more granular permissions through access policies:

  • Control the subset of assets in a connection that can be directly changed (or not)
  • Control the specific characteristics of assets that can be directly changed (or not)

For example, in a metadata policy you could specify that:

  • For any assets (tables, columns) in a certain schema,
  • a certain group of users can only add or remove terms (no other changes).

In this example, any admin users or member users in that group will still be able to suggest other changes to the assets in that schema. (For example, changes to the description, owners, certification, or tags.)

πŸ’ͺ Did you know? Remember that access is denied by default. This means if an admin user or member user is not a connection admin, and is not part of any policy giving them permission to change metadata, then by default the user will only be able to suggest changes to metadata.

Overridden permissions

Keep in mind, though, that explicit restrictions always take priority. This means even when one policy (or being a connection admin) would otherwise give permission to change assets directly, it is possible to override that permission.

For example, in a metadata policy you could specify that:

  • For any assets (tables, columns) in a certain database,
  • all updates are explicitly denied to a certain group of users.

Even if a user does have permission to directly update an asset from some other policy, this explicit deny policy will take priority. In this case, the user will only be able to suggest changes to the assets in that database. It does not matter if they are an admin user or member user, or even a connection admin.

Related articles

Was this article helpful?
1 out of 1 found this helpful