Users can search and discover all assets in Atlan. However, if they have not been granted permissions to act on those assets, their access will be limited. Atlan shows this limited access with a lock icon.
The limitations are tied to:
- Whether or not the user is a connection admin
- Access policies
The limitations are in terms of the actions that you can and cannot perform. A combination of the above two factors will usually determine these limitations.
Connection admin
Connection admins manage connectivity to a data source. Even if you are a member user, as a connection admin you'll have full access to the assets from that connection.
Any user with connection admin status will not see the lock icon for their assets in Atlan. However, there are exceptions — an access policy can override a connection admin's default full access.
Setting access policies helps you maintain granular control over your assets in Atlan. You can define these access policies by personas and purposes.
Access policies
Access policies often supersede the default permissions associated with connection admins and user roles. Access policies either allow or restrict access to certain assets.
For example, even as a member user, you'll be able to add tags and terms to an asset if you're part of a persona with a metadata policy that allows this action. Guest users in Atlan can only suggest changes to asset metadata if enabled from the admin center.
In fact, access policies can also be used to give users full access to certain assets without making them connection admins.
User roles
Although there are default permissions associated with each user role (admin, member, and guest), access to assets is entirely dependent on whether the user is a connection admin or part of a persona or purpose.
For example, a member user who is neither a connection admin nor part of any persona or purpose will see every single asset in Atlan with a lock icon.