Datafi Policy

Datafi provides comprehensive policy settings for users and datasources to ensure that all the data within your organization is protected. The Datafi policy has several components, which are listed in this document.

User

In this section, you can review the access of each user in the platform. You can switch each user's access to a datasource on or off.

Roles

A role is an access control setting that you predefine. Once the role is set up, you can simply assign a user to it, and the user will inherit all the access settings from the role. In this section, you can review all the role settings.

Schema

Review the access level of all the datasources.

Rules

A rule is a set of logic and criteria defined for the system to take certain actions for the datasource and users.
For example, you can define criteria that automatically block access to a datasource outside of work hours.

Data Classification

In the policy, you can configure the classification settings for datasources and users. Within each datasource, you can also set a different classification value for each table and column.

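| Access level | Confidentiality | Sensitivity | Identity |
| --- | --- | --- | --- |
| Most restricted | c5 | s5 | i5 |
| v | c4 | s4 | i4 |
| v | c3 | s3 | i3 |
| v | c2 | s2 | i2 |
| v | c1 | s1 | i1 |
| Least restricted | c0 | s0 | i0 |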

How it works

By default, policy settings are inherited from the higher-level data object: column settings are inherited from the table, and table settings are inherited from the datasource. Therefore, when you change the policy settings for a datasource, the change affects all the tables and columns in that datasource except those to which you have assigned a different value.

For example:
You have a datasource containing sales data with settings of c3, s3, i3. In this datasource, you have one table of customer data that you set to c5, s5, i5, with the other tables unchanged. If you later change the settings of the sales datasource to c2, s2, i2, the settings of the customer data table will remain c5, s5, i5.

Scenarios

| Datasource | Table | Column | User-John | Results |
| --- | --- | --- | --- | --- |
| c3,s3,i3 | c3,s3,i3 | c3,s3,i3 | c0,s0,i0 | John won't see this datasource in his account |
| c3,s3,i3 | c3,s3,i3 | c4,s3,i3 | c3,s3,i3 | John can see the table but won't see that column within the table |
| c4,s4,i4 | c3,s3,i3 | c3,s3,i3 | c3,s3,i3 | John won't see this datasource and tables in his account |
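
The inheritance and visibility behaviour described above can be modelled in a few lines. This is an added illustration, not Datafi's code: the `Node` class, the function names and the comparison rule (a user must meet or exceed an object's level in every dimension, inferred from the scenario table) are assumptions.

```python
# Added illustration, not Datafi code. Names and the comparison rule are assumptions.
from dataclasses import dataclass
from typing import Optional

DIMS = ("c", "s", "i")  # confidentiality, sensitivity, identity

def parse(label: str) -> dict:
    """'c3,s3,i3' -> {'c': 3, 's': 3, 'i': 3}; each level must be 0..5."""
    levels = {p.strip()[0]: int(p.strip()[1:]) for p in label.split(",")}
    if set(levels) != set(DIMS) or not all(0 <= v <= 5 for v in levels.values()):
        raise ValueError(f"bad classification: {label!r}")
    return levels

@dataclass
class Node:
    """A datasource, table or column. `own` is None when no value was assigned."""
    name: str
    own: Optional[str] = None
    parent: Optional["Node"] = None

    def effective(self) -> dict:
        # An explicitly assigned value wins; otherwise inherit from the level above.
        if self.own is not None:
            return parse(self.own)
        if self.parent is None:
            raise ValueError(f"{self.name}: top-level object has no classification")
        return self.parent.effective()

def clears(user: str, obj: Node) -> bool:
    """Assumed rule: the user's level is >= the object's level in every dimension."""
    u, o = parse(user), obj.effective()
    return all(u[d] >= o[d] for d in DIMS)

def visible(user: str, obj: Node) -> bool:
    """Visible only if the user clears the object and every ancestor above it."""
    node = obj
    while node is not None:
        if not clears(user, node):
            return False
        node = node.parent
    return True

def scenario(ds: str, tbl: str, col: str, user: str) -> tuple:
    """Return (datasource, table, column) visibility for one row of the table."""
    d = Node("datasource", ds)
    t = Node("table", tbl, d)
    c = Node("column", col, t)
    return tuple(visible(user, n) for n in (d, t, c))
```

The third scenario row is the one to watch in review: a table classified lower than its datasource is still hidden, because the check walks up through every ancestor.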