An Access Policy defines the permissions for who can access a data asset within your Atlan workspace.
For example, say that Adam from Marketing requested access to Ad_Campaign
data. A new access policy can be set up to grant Adam read-only access to only the Ad_Campaign
data asset.
Organizations today rely heavily on data to drive business decisions and strategies. Therefore, it's not just data teams who need to access dataโbusiness users from other teams and roles also need to see the latest data. However, it's important that they can't access everything. A lot of company data is confidential or sensitive, so it needs to be restricted to the right users.
A report by the Ponemon Institute (Corporate Data: A Protected Asset or a Ticking Time Bomb?) highlights that employers often neglect to block users from accessing sensitive data.
71% of employees have access to data they should not see. โ Ponemon Instituteโ
Granular Access Policies in Atlan help you maintain confidentiality while democratizing data within your organization. You can create an Access Policy to grant permissions for viewing or collaborating, or deny access to specific data assets. Access Policies can be created for a database, table, column and everything in between.
This article will cover everything you need to know to create and manage Access Policies in your Atlan workspace.
Before we get into how to create an Access Policy, let's start with the parameters you need while defining an Access Policy.
Actions ๐ง
Assets ๐
Users ๐ฅ
There are two types of actionsโAllow and Deny.
๐ The Allow action grants access to an asset. Example: Give a person access to a specific data table.
๐ซ The Deny action restricts the access to an asset. Example: Block a team from seeing PII data.
Each action has further granularity:
๐ View: Read-only access
โ๏ธ View & Collaborate: Read and write access
There are two ways to assign data assets to an Access Policy.
Access by Asset Type You can choose the data asset type (table, database, schema, integration, or view) and search for the specific data asset you want to link with the policy. ๐ The Access Policy will propagate by hierarchy Example: If you assign a Deny policy to a database, then all the assets related to that database (such as tables or columns) will also be restricted.
Access by Classification You can select a Classification (such as "Protected"). Then all assets marked with this Classification will adhere to the Access Policy you set. ๐ This is especially useful for restricting PII, CIA, or Protected data.
You can even use a combination of Classifications and Asset Types in your Access Policies for more granular control.
An Access Policy can be assigned to either user(s) or group(s).
User(s): Assign a policy to one user or multiple users
Group(s): Assign a policy to a group of users
Click on "Access" in the left menu, and select Policies.
Click on "Create New Policy".
Give a name to your new Access Policy.
Select the asset type from the drop-down list, and search for the name of the asset.
Alternative: Choose a Classification from the list.
Decide whether to Allow or Deny access to the asset, based on your policy.
Choose the granularity for your policyโeither View or View & Collaborate access.
Search and select for the user or the group of users.
Click "Save Changes".
โOnce you create an Access Policy, it will take a minute for it to take effect.
This is how you can define Access Policies for enhanced security and governance! ๐