Security policies enable you to directly associate roles with specific assets, users, and groups for streamlined governance.
These are some common examples of user roles:
- Data Owner
- Data Steward
- Report Owner
- Technical Custodian
You can define and edit roles and associated security policies on the Security page.
- Go to Administration, then select Roles and Policies.
- Click the Add Role button to create a new role that you can assign to users and groups.
- In the Add Role dialog, enter a Name and Description for the role.
- Select the Default Permissions that you want to grant to the role. These are the permissions that a person who is assigned the selected role will have on all assets. You can configure Read, Create, Update and Delete permissions across Asset, Relation and Owner types.
- Optionally, you can override default permissions for specific asset types within a role by assigning custom permissions in the Role Permissions & Overrides section. To override default permissions for one or more asset types within a role, click Add Asset Type Permission Override. Note: For the Add Asset Type Permission Override button to remain enabled, you must select permissions that differ from the default permissions.
- When you have finished adding permissions, click Add Role.
When you select a role, corresponding details are shown on the right of the page. You can edit and delete roles by clicking the menu button in the relevant row.
Security policies
After creating roles, you can define security policies to streamline your data governance processes. The Security Policies tab provides a list of all security policies, which link roles to specific asset types and selected users or groups. The details panel shows the asset type, role, and applicable conditions for each security policy.
Tip: You can grant responsibilities to particular users and groups from the Ownership tab on an asset. Alternatively, you can use security policies to directly associate a role to particular assets and chosen users and groups.
- Click the Add button to create a new security policy.
- In the Add Security Policy dialog, enter a Name and choose an Asset Type and Role to relate it to.
- Optionally, clear Policy Assignment Visible? to hide the users and groups assigned to the role via this security policy from the Ownership view of affected assets.
- Define when the security policy should apply. Choose from:
- All assets of this type: Apply the security policy to all instances of the chosen asset type, as well as granting the ability to create new instances of the type (for example, granting users the ability to create new Business Terms).
- Certain assets based on conditions: Use conditions to narrow down the instances of the chosen asset type to apply the security policy to. For example, 'only apply this security policy when the Platform field is Azure Cosmos'. The conditions will not apply to create activities, read, modify and remove.
- Define who the security policy should apply to. Choose Group or User and select the relevant person or group from the list.
Tip: When a user updates an asset, any applied security policies will automatically enforce the necessary updates to ensure compliance.
Tip: Different asset types under the same role can have unique permissions. Alternatively, permissions can apply across all asset types without explicit assignments.