Hey folks :wave::skin-tone-2:
Is it possible to de...
# advice-data-governanced
delightful-sugar-63810
08/21/2022, 4:47 PMHey folks 👋🏻
Is it possible to define policies for the entities that are tagged with a specific tag? Or to the ones that is marked with a glossary term?
Our example use case: I want to make datasets tagged as PII visible only to specific groups. Is that possible?
👍 1
l
loud-island-88694
08/22/2022, 1:07 AM
@echoing-airport-49548 ^
b
better-orange-49102
08/23/2022, 10:39 AMis that a new feature in the pipeline we can expect? 😛
b
big-carpet-38439
08/23/2022, 4:53 PMCurrently, Domains are the only mechanism we're experimenting with supporting in access control. However, Tag or Term based does make sense and is something we'd consider adding to the roadmap depending on demand
d
delightful-sugar-63810
08/23/2022, 6:37 PMOne additional question: What I can see that I cannot "prevent all users to see entities of a domain except for gruop X". Is that correct?
e
echoing-airport-49548
08/23/2022, 8:33 PMHey @delightful-sugar-63810 are you asking if you can prevent everyone besides group X to see entities in a domain? You should be able to set up your policies in this way, yes
echoing-airport-49548
08/23/2022, 8:34 PMDo note that we only have allow patterns rather than deny patterns, however
echoing-airport-49548
08/23/2022, 8:36 PMSo you will have to be careful to not allow any other users to view all entities across all domains, for example
d
delightful-sugar-63810
08/23/2022, 9:38 PM@echoing-airport-49548 I see, so I think this is a bit trickier than I though, so for example I have a single domain that is named as PII. Some entities are inside while others are not.
I want to let all users to see all entities except for the PII, and the domain PII should be only visible to my "Admins" group.
What I understand is, this is currently impossible to set something like that. Is that correct? Hope I'm not missing a simple thing here 😅
BTW I'm so grateful for your support and the time you are putting on this teamwork
b
better-orange-49102
08/24/2022, 2:21 AMnot viewable is possible to setup (though the policies can get complex), if you mean that you can tolerate user seeing the asset showing up in searches, but clicking on it leads to a no-permission page
better-orange-49102
08/24/2022, 2:22 AMshowing up in searches also mean that users can see whatever in searches, for instance, a short blurb of the asset description
better-orange-49102
08/24/2022, 2:22 AMbut it is not possible to hide asset in searches at the moment
better-orange-49102
08/24/2022, 2:24 AM"Currently, Domains are the only mechanism we're experimenting with supporting in access control. However, Tag or Term based does make sense and is something we'd consider adding to the roadmap depending on demand", but @big-carpet-38439, domains are not distinguishable from terms if you do that haha.
The only reason why i would continue using domains in that case would be that I would restrict the ability to edit domains to a far smaller subset of people compared to editing glossary terms in dataset. Setting view ACL is well and good, but only if people can't bypass the settings by removing the block and insert it back afterwards 🙂
2 Views