Granular Access Policies

🏰 What is an Access Policy?

An Access Policy defines the permissions for who can access a data asset within your Atlan workspace.

For example, say that Adam from Marketing requested access to Ad_Campaign data. A new access policy can be set up to grant Adam read-only access to only the Ad_Campaign data asset.

Organizations today rely heavily on data to drive business decisions and strategies. Therefore, it's not just data teams who need to access data: business users from other teams and roles also need to see the latest data. However, it's important that they can't access everything. A lot of company data is confidential or sensitive, so it needs to be restricted to the right users.

A report by the Ponemon Institute (Corporate Data: A Protected Asset or a Ticking Time Bomb?) highlights that employers often neglect to block users from accessing sensitive data.

71% of employees have access to data they should not see. – Ponemon Institute​

Granular Access Policies in Atlan help you maintain confidentiality while democratizing data within your organization. You can create an Access Policy to grant permissions for viewing or collaborating, or deny access to specific data assets. Access Policies can be created for a database, table, column and everything in between.

This article will cover everything you need to know to create and manage Access Policies in your Atlan workspace.

🔒 The anatomy of Access Policies

Before we get into how to create an Access Policy, let's start with the parameters you need while defining an Access Policy.

  1. Actions 🔧

  2. Assets 📓

  3. Users 👥

🔧 Types of actions

There are two types of actions: Allow and Deny.

  • 🏁 The Allow action grants access to an asset. Example: Give a person access to a specific data table.

  • 🚫 The Deny action restricts access to an asset. Example: Block a team from seeing PII data.

Each action has further granularity:

  1. 📄 View: Read-only access

  2. ✍️ View & Collaborate: Read and write access

📓 Methods of assigning assets

There are two ways to assign data assets to an Access Policy.

  • Access by Asset Type: You can choose the data asset type (table, database, schema, integration, or view) and search for the specific data asset you want to link with the policy. 👉 The Access Policy will propagate by hierarchy. Example: If you assign a Deny policy to a database, then all the assets related to that database (such as tables or columns) will also be restricted.

  • Access by Classification: You can select a Classification (such as "Protected"). Then all assets marked with this Classification will adhere to the Access Policy you set. 🌟 This is especially useful for restricting PII, CIA, or Protected data.

You can even use a combination of Classifications and Asset Types in your Access Policies for more granular control.

👥 Assigning users

An Access Policy can be assigned to either user(s) or group(s).

  1. User(s): Assign a policy to one user or multiple users

  2. Group(s): Assign a policy to a group of users
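
The parameters above, put together as a small evaluation model. This is an added example, not Atlan's code or API: the asset paths, users, `Policy` class and `can` function are hypothetical, and it assumes that no matching policy means no access, that any matching Deny overrides an Allow, and that a policy combining an asset and a Classification must match both.

```python
from dataclasses import dataclass

# Constructed sample data: asset path (database/table/column) -> Classifications.
CATALOG = {
    "sales_db": set(),
    "sales_db/orders": set(),
    "sales_db/orders/email": {"Protected"},
    "marketing_db/Ad_Campaign": set(),
}
GROUPS = {"analysts": {"adam", "bea"}}  # constructed group membership

@dataclass(frozen=True)
class Policy:
    action: str               # "allow" or "deny"
    level: str                # "view" or "collaborate" (View & Collaborate)
    principals: frozenset     # user names and/or group names
    asset: str = ""           # Access by Asset Type: root of the covered subtree
    classification: str = ""  # Access by Classification: tag to match

def applies(policy, user, asset):
    """True if the policy targets this user and covers this asset."""
    members = set()
    for name in policy.principals:
        members |= GROUPS.get(name, {name})  # expand groups, keep plain users
    if user not in members:
        return False
    # Propagation by hierarchy: a policy on a parent covers every descendant.
    in_tree = asset == policy.asset or asset.startswith(policy.asset + "/")
    # Tags are matched on the asset itself (no tag inheritance is modelled).
    tagged = policy.classification in CATALOG[asset]
    if policy.asset and policy.classification:
        return in_tree and tagged  # ASSUMPTION: a combination narrows the match
    return in_tree if policy.asset else tagged

def can(user, want, asset, policies):
    """want is "view" or "collaborate"."""
    hits = [p for p in policies if applies(p, user, asset)]
    # ASSUMPTION: any matching Deny wins; Deny granularity is not modelled.
    if any(p.action == "deny" for p in hits):
        return False
    # ASSUMPTION: no matching Allow means no access. Collaborate implies view.
    return any(p.action == "allow" and (p.level == "collaborate" or want == "view")
               for p in hits)

POLICIES = [  # constructed policies mirroring the examples in this article
    Policy("allow", "view", frozenset({"adam"}), asset="marketing_db/Ad_Campaign"),
    Policy("allow", "collaborate", frozenset({"analysts"}), asset="sales_db"),
    Policy("deny", "view", frozenset({"analysts"}), classification="Protected"),
]
```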

🚀 A step-by-step guide to creating an Access Policy

  1. Click on "Access" in the left menu, and select Policies.

  2. Click on "Create New Policy".

  3. Give a name to your new Access Policy.

  4. Select the asset type from the drop-down list, and search for the name of the asset.

  5. Alternative: Choose a Classification from the list.

  6. Decide whether to Allow or Deny access to the asset, based on your policy.

  7. Choose the granularity for your policy: either View or View & Collaborate access.

  8. Search for and select the user or the group of users.

  9. Click "Save Changes".

A policy to restrict access to Protected tables to all analysts

Once you create an Access Policy, it will take a minute for it to take effect.

This is how you can define Access Policies for enhanced security and governance! 🎊