π€ Who can do this? You will need to be an admin user to create purposes.
Create purpose
π¨ Careful! A purpose acts on at least one tag. This tag must be created before creating the purpose.
To create a purpose:
- From the left menu of any screen, click Governance.
- Under Access Control, click Purposes.
- If this is the first purpose, click the Get started button. Otherwise, in the top right, click the New Purpose button.
- For Purpose name, enter a meaningful name for the purpose.
- (Optional) Add a description for the purpose.
- In the lower-left corner of the dialog, click Select tag.
- Select one or more tags from the list, and then click on the purpose box again to close the list.
- Click Create to create the purpose.
You now have an empty purpose.
πͺ Did you know? The purpose will not yet control any access. Your users can still use the purpose to quickly browse assets with any of the tags selected, though.
(Optional) Add rich documentation
To add rich documentation describing the purpose:
- Under Summary, then Channels, add any Slack channels relevant to the purpose.
- Under Resources, add links to external resources like PDFs, repositories, Notion, Confluence, Google Drive β anything that has a URL.
- Under Readme, write a richly formatted description of the purpose.
Add policies
πͺ Did you know? For the purpose to control access, you need to define one or more policies. Repeat the following steps for each set of users and permissions you want to control through the purpose.
To add policies to the purpose, from within the purpose:
- Change to the Policies tab.
- Click the New Policy button and choose the type of policy.
Add a metadata policy
To grant or restrict permissions to change metadata:
- Choose Metadata policy.
- Under Name, briefly describe the policy's intention.
- (Optional) Under Users and Groups, choose the users to whom to apply the policy. By default, all users will be included. To select others:
- In the Users and Groups box, click the x.
- Under Users and Groups, click the Add link.
- Search for and select the users and groups to control with the policy, and then click anywhere in the Metadata policy sidebar.
- (Optional) For Configure permissions, choose the permissions the policy will grant. By default, all permissions will be granted. To select others:
- To the right of Configure permissions, click the Edit link.
- Select the permissions required. If you are unsure what they do, hover over the checkbox to see a more detailed description of each one.
- At the bottom of the list, click Save.
- (Optional) For Deny selected permissions, choose whether you want to explicitly deny these permissions.
π¨ Careful! If enabled, this will override all grants of those permissions from any other policies for the same users.
- At the bottom of the Metadata policy sidebar, click Save.
Add a data policy
To grant or restrict permissions to query or preview data:
- Choose Data policy.
- Under Name, briefly describe the policy's intention.
- (Optional) Under Users and Groups, choose the users to whom to apply the policy. By default, all users will be included. To select others:
- In the Users and Groups box, click the x.
- Under Users and Groups, click the Add link.
- Search for and select the users and groups to control with the policy, and then click anywhere in the Data policy sidebar.
- (Optional) For Querying Permissions, choose whether you want to explicitly deny the ability to query and preview data on these assets.
π¨ Careful! If enabled, this will override all grants of those permissions from any other policies for the same users. This will also deny at the table level β even if only 1 out of 100 columns in a table has the tag, previewing and querying will be denied for the entire table.
- (Optional) For Configure permissions, choose the masking policy to apply. By default, no masking will be applied. To apply masking, under Masking (Optional), select the type of masking to apply. If you are unsure what they do, hover over each one to see a more detailed description and an example.
- At the bottom of the Data policy sidebar, click Save.
(Optional) Set preferences
πͺ Did you know? You can also personalize the details users will see in the sidebar or filters menu when in a purpose. This is great to limit information overload, by showing only what is relevant to a given set of users.
To set preferences for the purpose:
- Change to the Preferences tab of the purpose. From the left menu, configure the following:
- To limit the asset types that should be visible to the purpose:
- Click Asset types to view asset type preferences.
- Click the checkbox to the left of each tab's name to include it (on) or exclude it (off) for the purpose.
- To limit the out-of-the-box tabs that should be visible to the purpose:
- Click Asset sidebar to view asset sidebar preferences.
- Click the checkbox to the left of each tab's name to include it (on) or exclude it (off) for the purpose.
- To limit the asset filters that should be visible to the purpose:
- Click Asset filters to view asset filter preferences.
- Click the checkbox to the left of each tab's name to include it (on) or exclude it (off) for the purpose.
- To limit the custom metadata that should be visible to the purpose:
- Click Custom metadata to view custom metadata preferences.
- Click the checkbox to the left of each custom metadata structure to include it (on) or exclude it (off) for the purpose.