Data Access Management > Data access policies > Creating data access policies
  

Creating data access policies

You create data access policies to control access to tables or views in cloud data platforms and to filter or de-identify data in other data assets. The steps for creating data access policies are mostly the same, regardless of which type of data access policy you create.
    1Click Data Access in the left navigation to display the Data Access Management page.
    2Select a type of data access policy by clicking the corresponding tab.
    You can create the following types of data access policies:
    3Click the plus sign to open the data access policy creation page.
    The following image shows the data access policy creation page for a data filter policy:
    The data access policy creation page includes the following fields: Name, Description, Enforcement Method, Reference ID, Status, Effective Date, End Date, and Asset Groups. A Stakeholders section appears at the bottom of the page.
    4Enter a title and description for the data access policy.
    5Select the enforcement method.
    Note: Not all enforcement methods are available for all types of data access policies.
    6Data de-identification policies must be part of a precedence tier. Data access control policies and data filter policies are not organized in precedence tiers.
    7Enter a reference ID or allow Data Governance and Catalog to auto-generate one.
    8Enable the data access policy if you want it to be active immediately after you publish it.
    9Optionally enter effective and end dates.
    10Select stakeholders.
    Note: Informatica recommends that you add stakeholders even though it is optional.
    11Click Create.
    The overview page for the data access policy appears.
You can now add rules to this policy.
If you do not have a workflow configured, this policy will automatically change to published status.
If you do have a workflow configured, this policy will change to draft status.
For more information about designing workflows, see Workflows in the Metadata Command Center help.

Adding a condition to a data access policy

Once you create a new data access policy, you can add one or more conditions to it to further refine when the policy will be activated. This is optional. Only data de-identification policies and data filter policies with an enforcement method of "Data Integration/Data Marketplace" have conditions. The steps for adding a condition to a data access policy are mostly the same, regardless of the type of data access policy.
    1View a data access policy.
    2Click the Conditions tab.
    3Click the plus sign.
    The Add Condition page appears. The following image shows the Add Condition page:
    The page heading is "Conditions that trigger this data de-identification." You'll use the page elements to add a contextual attribute, an operator, and a value to the condition.
    4Click New Row.
    5Select a contextual attribute, such as User Group or User Context.
    6Select an operator, such as is any of or is null.
    7Specify a value.
    8Add additional values as needed.
    9Click Save.
    You can add rules to this data access policy. The type of rules that you add depends on the type of data access policy.