Creating data access policies

You create data access policies to control access to tables or views in cloud data platforms and to filter or de-identify data in other data assets. The steps for creating data access policies are mostly the same, regardless of which type of data access policy you create.

1Click Data Access in the left navigation to display the Data Access Management page.

2Select a type of data access policy by clicking the corresponding tab.

You can create the following types of data access policies:

- Data access control policies
- Data filter policies
- Data de-identification policies

3Click the plus sign to open the data access policy creation page.

The following image shows the data access policy creation page for a data filter policy:

The data access policy creation page includes the following fields: Name, Description, Enforcement Method, Reference ID, Status, Effective Date, End Date, and Asset Groups. A Stakeholders section appears at the bottom of the page.

4Enter the following properties for the data access policy:

Field	Description
Name	Name of the data access policy.
Description	Description of the data access policy.
Enforcement Method	The enforcement method for the data access policy. - Select Data Integration/Data Marketplace to have Data Access Management use this data access policy to protect data in Data Integration mappings and Data Marketplace orders. - Select Pushdown to have Data Access Management push down the data access policy into your cloud data platform. Note: Not all enforcement methods are available for all types of data access policies.
Precedence Tier	The precedence tier of which this data access policy is a part. Data de-identification policies must be part of a precedence tier. Data access control policies and data filter policies are not organized in precedence tiers.
Reference ID	Unique identifier for the data access policy.
Status	The status of the data access policy. Enable the data access policy if you want it to be active immediately after you publish it.
Effective Date	The effective date of the data access policy.
End Date	The end date of the data access policy.
Asset Groups	The asset groups to which the data access policy is assigned.
Stakeholders	The stakeholders for the data access policy. Note: Informatica recommends that you add stakeholders even though it is optional.

5Click Create.

The overview page for the data access policy appears.

You can now add rules to this policy.

If you do not have a workflow configured, this policy will automatically change to published status.

If you do have a workflow configured, this policy will change to draft status.

For more information about designing workflows, see Workflows in the Metadata Command Center help.

Adding a condition to a data access policy

Once you create a new data access policy, you can add one or more conditions to it to further refine when the policy will be activated. This is optional. Only data de-identification policies and data filter policies with an enforcement method of "Data Integration/Data Marketplace" have conditions. The steps for adding a condition to a data access policy are mostly the same, regardless of the type of data access policy.

1View a data access policy.

2Click the Conditions tab.

3Click the plus sign.

The Add Condition page appears. The following image shows the Add Condition page:

The page heading is "Conditions that trigger this data de-identification." You'll use the page elements to add a contextual attribute, an operator, and a value to the condition.

4Click New Row.

5Select a contextual attribute, such as User Group or User Context.

6Select an operator, such as is any of or is null.

7Specify a value.

8Add additional values as needed.

9Click Save.

You can add rules to this data access policy. The type of rules that you add depends on the type of data access policy.