yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-08-21 15:38:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Minor: Adding Docs for Simple Policy Updates (#16478)

Browse Source
This commit is contained in:
Prajwal214 2024-06-03 19:44:20 +05:30 committed by GitHub
parent 33398610a4
commit 327ca76c28
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 84 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
openmetadata-docs/content/v1.3.x/how-to-guides/admin-guide/roles-policies/use-cases.md
View File

@ -61,4 +61,45 @@ alt="PII Sensitive Tag Policy"
caption="PII Sensitive Tag Policy"
/%}
In this rule, we are specifying to deny operations if the table tag contains PII.Sensitive tag and if the logged-in user is not the owner, or their team is not the owner of the Table.
In this rule, we are specifying to deny operations if the table tag contains PII.Sensitive tag and if the logged-in user is not the owner, or their team is not the owner of the Table.
### Use Case 5: Restrict User Account Access to a Specific Service/Database
To restrict a user account to only see data from one specific service/database, you can create a policy that includes rules to allow access to the desired service and deny access to others. This involves setting up policies with specific conditions based on the service name. The following steps outline how this can be done using the API:
1. **Create a Policy**: Define a policy that allows access to the specific service.
2. **Assign the Policy**: Assign this policy to the user or role.
## Example Policy:
```json
{
"name": "ServiceAccessPolicy",
"rules": [
{
"name": "AllowSpecificService",
"resource": "DatabaseService",
"operation": "View",
"condition": {
"match": {
"service.name": "desired_service_name"
}
},
"effect": "Allow"
},
{
"name": "DenyOtherServices",
"resource": "DatabaseService",
"operation": "View",
"condition": {
"notMatch": {
"service.name": "desired_service_name"
}
},
"effect": "Deny"
}
]
}
```
By implementing this policy, the user account will be restricted to access only the specified service, enhancing data security and ensuring that users can only view the data they are authorised to see.

43
openmetadata-docs/content/v1.4.x/how-to-guides/admin-guide/roles-policies/use-cases.md
View File

@ -61,4 +61,45 @@ alt="PII Sensitive Tag Policy"
caption="PII Sensitive Tag Policy"
/%}
In this rule, we are specifying to deny operations if the table tag contains PII.Sensitive tag and if the logged-in user is not the owner, or their team is not the owner of the Table.
In this rule, we are specifying to deny operations if the table tag contains PII.Sensitive tag and if the logged-in user is not the owner, or their team is not the owner of the Table.
### Use Case 5: Restrict User Account Access to a Specific Service/Database
To restrict a user account to only see data from one specific service/database, you can create a policy that includes rules to allow access to the desired service and deny access to others. This involves setting up policies with specific conditions based on the service name. The following steps outline how this can be done using the API:
1. **Create a Policy**: Define a policy that allows access to the specific service.
2. **Assign the Policy**: Assign this policy to the user or role.
## Example Policy:
```json
{
"name": "ServiceAccessPolicy",
"rules": [
{
"name": "AllowSpecificService",
"resource": "DatabaseService",
"operation": "View",
"condition": {
"match": {
"service.name": "desired_service_name"
}
},
"effect": "Allow"
},
{
"name": "DenyOtherServices",
"resource": "DatabaseService",
"operation": "View",
"condition": {
"notMatch": {
"service.name": "desired_service_name"
}
},
"effect": "Deny"
}
]
}
```
By implementing this policy, the user account will be restricted to access only the specified service, enhancing data security and ensuring that users can only view the data they are authorised to see.