You can create, modify, clone, disable, or delete access policies.
When you disable or delete an access policy, the rules defined in the access policy do not apply. You cannot delete predefined access policies, but you can disable or clone them.
You can manage access policies on the Access Policies tab on the Access Control page.
To search for access policies, you can use filters. To show or hide the Category and Updated By columns on the Access Policies tab, right-click any column header and select the column.
Required privileges
To view access policies, you need the View Access Control privilege. Also, to create, view, update, and delete access policies, you need the Manage Access Control privilege.
Creating and publishing an access policy
To create an access policy, specify the name and description and associate the access policy with a stakeholder role, user group, or user role. Define one or more rules for the access policy that determine the level of access to assets, and then publish the access policy.
1Go to Access Control and click Access Policies.
2Click Add, and then select the type of access policy that you want to create.
Alternatively, on the navigation panel, click New > Access Control, select the type of access policy, and then click Create.
The New Access Policy page opens on the Overview tab. The properties that appear depend on the type of access policy you select.
3Enter the general information applicable to your access policy type.
User role policy
Property
Description
Name
A name to identify the access policy.
Description
Optional. A description of the access policy.
User Role
Select the user role that you want the access policy to apply to.
Override other policy types
Optional. From Advanced Settings, choose to override other access policy types if multiple access policies are enabled.
Stakeholder role policy
Property
Description
Name
A name to identify the access policy.
Description
Optional. A description of the access policy.
Selected Role
Specify if you want the stakeholder role policy to apply to users with specific stakeholder roles or to users who are non-stakeholders.
Choose from the following options:
- Stakeholder. Select Stakeholder to specify a stakeholder role.
- Non-Stakeholder. Select Non-Stakeholder to specify if you want the access policy to apply to both non-stakeholders and users with stakeholder roles.
Stakeholder Role
Required if you choose Stakeholder as the selected role. Select the stakeholder role that you want the access policy to apply to.
Override other policy types
Optional. From Advanced Settings, choose to override other access policy types if multiple access policies are enabled.
User group policy
Property
Description
Name
A name to identify the access policy.
Description
Optional. A description of the access policy.
Selected Group
Specify if you want the user group policy to apply to a specific user group or to all users.
Choose from the following options:
- Single User Group. Select Single User Group to specify a user group
- All Users. Select All Users if you want the access policy to apply to all users.
User Group
Required if you choose Single User Group. Select the user group that you want the access policy to apply to.
4Click Next.
5Add one or more rules to define the access policy.
You can create rules based on asset types or attribute groups.
- Create a rule based on asset types. For information about how to create rules based on asset types, see Creating rules based on asset types.
7To publish the policy, click Publish to start the publishing job.
To discard the policy, click Discard.
Creating rules based on asset types
You can create rules to define an access policy based on asset types.
1On the Rules tab, click Add.
The Condition page appears.
2Click Add.
3Select Asset Type.
4For user role and stakeholder role policies, perform the following steps:
aClick Add New to select one or more asset types from the hierarchy and click OK. Optionally, add one or more predicates to the condition.
bClick Add Permission to grant permissions to users governed by the access policy.
Note: The list of available permissions is based on the asset type and the predicate that you selected.
5For a user group policy, perform the following steps:
aTo apply the condition to specific asset groups, choose Is Any Of and click Add New.
bIn the Select Asset Groups window, select one or more asset groups from the hierarchy and click OK.
cTo add a condition that applies to assets that are not associated with asset groups, choose Is Null.
dClick Add Permission to grant permissions to users governed by the access policy.
6Click Save.
7To create another rule, click Add or to edit an existing rule, click Edit.
Creating rules based on attribute groups
You can create rules to define an access policy based on attribute groups.
1On the Rules tab, click Add.
The Condition page appears.
2Click Add.
3Select Attribute Groups.
4For user role and stakeholder role policies, perform the following steps:
aClick Add New and choose an attribute group.
bAdd the condition based on your requirement.
▪ To add a condition that applies to any asset type, choose Is Any.
▪ To add a condition that applies to specific asset types, choose Is Any Of and click Add New. In the Select Asset Groups window, select one or more asset groups from the hierarchy and click OK.
cOptional. Add one or more predicates to the condition.
dSelect the permissions to grant users governed by the access policy.
5For a user group policy, perform the following steps:
aClick Add New and choose an attribute group.
bAdd the condition based on your requirement.
▪ To add a condition that applies to specific asset groups, choose Is Any Of, click Add New. In the Select Asset Group window, select the asset groups from the hierarchy and click OK.
▪ To add a condition that applies to assets that are not associated with asset groups, choose Is Null.
cSelect the permissions to grant users governed by the access policy.
6Click Save.
7To create another rule, click Add or to edit an existing rule, click Edit.
Editing an access policy
You can edit an access policy that you created and change the name, description, and other properties.
1On the Access Control page, click Access Policies.
2Select the access policy that you want to modify.
3From the Actions menu, click Edit.
4Modify the required properties and click Save.
A draft access policy is created.
5To publish the updated access policy, click Publish.
6To enable the access policy, click Enable.
Disabling a metadata access policy
Disabling an access policy removes it from all users that are associated with it.
1On the Access Control page, click Access Policies.
2Select the access policy that you want to disable.
3From the Actions menu, click Disable.
A confirmation box appears.
4Click Disable.
You can enable the access policy to associate it with users again. To enable an access policy that you disabled, click Enable.
Cloning an access policy
Clone an access policy to create an access policy that is similar to the existing access policy. You cannot edit a predefined access policy, but you can clone the access policy and update it.
1On the Access Control page, click Access Policies.
2Select the access policy that you want to clone.
3From the Actions menu, click Clone.
4Modify the name and description and click Create.
Note: You cannot change the policy type for a user group policy.
5Click Create.
6Update the policy as needed and click Save.
7To publish the policy, click Publish to start the publishing job.