Domain policy

||Connect docs via MCP

Configure domain access in personas: control who can read, update, and manage data domains, subdomains, and data products in Atlan. Domain policies govern access to the domain itself, including its metadata, structure, subdomains, and products.

Domain policies don't control access to the individual assets (tables, columns, dashboards) that live inside a domain. To control access to those assets, use metadata policies or data policies.

Domain policies can only be defined through personas.

Only applies if using data domains

Domain policies are available only if your workspace has the data products module enabled. If your team isn't using data domains, this policy doesn't apply.

Access

Domain policies aren't enabled by default. To use them, you must be an admin, or hold the Governance Admin sub-role, with permissions to define personas and governance settings.

You can access this in Governance → Access Control → Personas, then open a persona (or create a new one), go to the Policies tab, and click New Policy → Domain Policy. Once saved, the policy applies to all users and groups linked to that persona. For a full walkthrough, see Create domain policies.

Name

Specifies a unique name to identify the domain policy in Atlan. This name must briefly describe the purpose or scope of the policy.

Example:

Wholesale-domain-policy

Select domains

Choose the domains on which this policy is applied. You can select specific domains or apply the policy to all domains.

Example:

All domains

Configure permissions

Define what users in the persona can do with the selected domains, their subdomains, and their products.

Edit

Controls access to domains and the structures within them.

• Read: view metadata, resources, and READMEs for data domains.
• Update domains: update metadata, resources, and READMEs for data domains.
• Create sub-domains: create new subdomains within a domain.
• Update sub-domains: update metadata, resources, and READMEs for subdomains.
• Create products: create new data products within a domain.
• Update products: update metadata, resources, and READMEs for data products.
• Delete products: delete data products within a domain.
• Update custom metadata for domains: edit custom metadata for domains.
• Update custom metadata for sub-domains: edit custom metadata for subdomains.
• Update custom metadata for products: edit custom metadata for data products.

Deny selected permissions

Explicitly restricts an action, even when it's granted through another policy. Deny rules take precedence and override grants from other policies, including the Admin role. An explicit deny is a hard ceiling that no role or approval can override.

See also

• Create domain policies: Full walkthrough for domain policies.
• What are data products?: The module domain policies depend on.
• Metadata policy: Govern access to the assets inside a domain.