Access control settings
Labs Access control toggles adjust default role behaviors for the whole workspace without changing individual user roles. Each toggle affects the entire workspace when enabled, and only admins can change these settings. Use them to let guests propose metadata changes, give members access to the Reporting Center, show all assets regardless of persona, restrict lineage and glossary visibility by persona, allow users to copy or download sample data, embed Atlan metadata in Tableau, and expand what workflow admins can access.
To reach these toggles, go to Settings → Labs and look under the Access control heading. If you are using the Old UI (Classic), go to Admin → Labs instead.
Allow guests to raise requests for metadata updates
Default: Off
Guest users are read-only by default. They can browse and view assets, but cannot edit anything. Turn this on when you want guests to be able to propose changes to metadata (descriptions, ownership, tags, and similar fields) without having edit access.
When enabled, guests see a request button on any asset they can view. Their proposals land in the standard requests queue for an admin or member to review and approve. The asset is not changed until someone approves the request.
When to enable: external contractors, vendors, or stakeholders who review data assets and need a channel to suggest improvements without being upgraded to Member.
When to disable: if you want a strict read-only experience for all guest users with no proposal mechanism.
To disable, return to the same toggle and turn it off. Pending requests already in the queue remain and can still be actioned; guests just cannot create new ones.
Allow member users to access Reporting Center
Default: Off
The Reporting Center is admin-only by default. Turn this on to give members read access to the four usage and data-health dashboards, so teams can self-serve common reporting needs without being promoted to Admin.
Dashboards unlocked for members when enabled:
- Assets: asset coverage and quality metrics.
- Glossary: glossary, category, and term metrics.
- Insights: query and SQL usage metrics.
- Usage and cost: asset usage and cost tracking.
Dashboards that remain admin-only regardless of this setting: Governance and Automations.
The change takes effect on the member's next page load, with no sign-out required.
When to enable: data teams or analysts who need visibility into usage and data health without administrative access to workspace settings.
When to disable: if Reporting Center access should remain restricted to admins only.
View "All assets" in Assets Discovery
Default: On
By default, every member and guest can see all assets in the workspace, regardless of the personas they belong to, which keeps the catalog open for discovery out of the box. Turn this off to apply persona-based visibility, so members and guests see only the assets their personas cover.
When to keep on: during initial rollout before personas are fully configured, or for workspaces where open catalog browsing is intentional.
When to turn off: when you want persona-based scoping to apply and users should only see what their persona covers. Turning it off returns each user to their persona-scoped view.
Persona switcher in Business Graph
Default: On
By default, the business graph (lineage view) shows each user only the assets their active persona covers, rather than the full connected graph. Turn this off to show all upstream and downstream connected assets to everyone, regardless of persona.
This toggle also controls glossary visibility. While it is on, members and guests see only the glossaries curated through their personas: a user in a persona with no glossary policy, or a user in no persona at all, sees no glossaries. The restriction applies on the Assets page, the glossary tree on the Glossary page, the terms filter, terms in an asset sidebar, linked assets, and related terms.
When to keep on: when users should only see lineage and glossaries within their access scope, or when the business graph would otherwise expose too many asset names to users who shouldn't see them.
When to turn off: when you want the full connected graph and all glossaries visible to everyone regardless of persona.
Allow users to copy or download sample data preview
Default: On
By default, users who have a data access policy for an asset can copy values and download a CSV from the sample data tab on its profile. Turn this off to block copy and download, so sample data cannot leave the browser even for users with data access.
When to keep on: when analysts need to extract sample values for troubleshooting, documentation, or review workflows.
When to turn off: when you want to prevent any sample data from leaving the browser, even for users with data access.
This toggle does not bypass data access policies. Users without a data access policy for the asset still cannot see or interact with sample data.
View embedded Atlan metadata in Tableau
Default: Off
Turn this on to surface Atlan tags, descriptions, owners, and certification status as an embedded panel inside Tableau. Users see Atlan metadata on assets without leaving their BI tool.
When to enable: when your organization uses Tableau and wants to bring catalog context (quality signals, ownership, certification) directly into the BI workflow.
When to disable: to hide the Atlan panel inside Tableau.
The Atlan integration for Tableau must be configured before enabling this toggle.
Allow workflow admins and other custom roles to access all workflows
Default: On
By default, workflow admins can see and manage all workflows in the workspace, regardless of who created them. Turn this off to scope each workflow admin to only the workflows they created.
When to keep on: when a platform team centrally manages automation and needs full workflow visibility for troubleshooting, reassignment, or oversight.
When to turn off: to keep workflow admins scoped to only their own workflows.
Allow workflow admins and related sub-roles to access all apps and packages
Default: On
By default, workflow admins and related sub-roles can install, configure, and manage all apps and packages, not just workflows. Turn this off to restrict workflow admin access to workflow management only.
When to keep on: when the same team manages both workflows and the apps that underpin them, without requiring full workspace Admin rights.
When to turn off: to restrict workflow admins to workflow management only.