Creating data access policies

You create data access policies to control access to tables or views in cloud data platforms and to filter or de-identify data in other data assets. The steps for creating data access policies are mostly the same, regardless of which type of data access policy you create.

1Click Data Access in the left navigation to display the Data Access Management page.

The following image shows the Data Access Management page:

The image shows the Data Access Management page, which includes a top navigation options for Data Access Control, Data Filter, and Data De-identification. The user has selected Data De-identification. The three sub-tabs are Data De-identification, Data Protection, and Precedence Tier. A plus sign appears for creating a new data de-identification. Filter and sort options also appear.

2Select a type of data access policy by clicking the corresponding tab.

You can create the following types of data access policies:

- Data access control policies
- Data filter policies
- Data de-identification policies

3Click the plus sign to open the data access policy creation page.

The following image shows the data access policy creation page for a data de-identification policy:

The image shows the data access policy creation page with the following fields: Name, Description, Precedence Tier, Reference ID, Status, Effective Date, End Date, and Asset Groups. A Stokeholders section appears at the bottom of the page. "Create" and "X" buttons appear at the top of the page.

4Enter a title and description for the data access policy.

5Data de-identification policies must be part of a precedence tier. Data access control policies and data filter policies are not organized in precedence tiers.

6Enter a reference ID or allow Data Governance and Catalog to auto-generate one.

7Enable the data access policy if you want it to be active immediately after you publish it.

8Optionally enter effective and end dates.

9Select stakeholders.

Note: Informatica recommends that you add stakeholders even though it is optional.

10Click Create.

The overview page for the data access policy appears.

You can now add rules to this policy.

This policy will stay in Draft status until you publish it.

Adding a condition to a data access policy

Once you create a new data access policy, you can add one or more conditions to it to further refine when the policy will be activated. This is optional. Only data filter policies and data de-identification policies have conditions. The steps for adding a condition to a data access policy are mostly the same, regardless of the type of data access policy.

1View a data access policy.

2Click the Conditions tab.

3Click the plus sign.

The Add Condition page appears. The following image shows the Add Condition page:

The image shows one condition on the Add Condition page. The user has selected "User Group" as the driver, "is any of" as the operator, and "AML Team" as one value. the user is searching for a second value for "User Group." A "New Row" button appears below the condition. "Save" and "X" buttons appear at the top of the page.

4Click New Row.

5Select a contextual attribute, such as "User Group" or "User Context."

6Select an operator, such as "is any of" or "is null."

7Add a value.

8Add additional values as needed.

9Click Save.

You can add rules to this data access policy. The type of rules that you add depends on the type of data access policy.