mirror of
https://github.com/datahub-project/datahub.git
synced 2025-07-31 21:36:08 +00:00
135 lines
103 KiB
HTML
135 lines
103 KiB
HTML
<!doctype html>
|
||
<html lang="en" dir="ltr" class="docs-wrapper docs-doc-page docs-version-current plugin-docs plugin-id-default docs-doc-id-docs/authorization/policies" data-has-hydrated="false">
|
||
<head>
|
||
<meta charset="UTF-8">
|
||
<meta name="generator" content="Docusaurus v2.4.3">
|
||
<title data-rh="true">Policies Guide | DataHub</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.datahub.com/docs/authorization/policies"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Policies Guide | DataHub"><meta data-rh="true" name="description" content="Introduction"><meta data-rh="true" property="og:description" content="Introduction"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://docs.datahub.com/docs/authorization/policies"><link data-rh="true" rel="alternate" href="https://docs.datahub.com/docs/authorization/policies" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.datahub.com/docs/authorization/policies" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://RK0UG797F3-dsn.algolia.net" crossorigin="anonymous"><link rel="alternate" type="application/rss+xml" href="/learn/rss.xml" title="DataHub RSS Feed">
|
||
<link rel="alternate" type="application/atom+xml" href="/learn/atom.xml" title="DataHub Atom Feed">
|
||
|
||
<link rel="preconnect" href="https://www.google-analytics.com">
|
||
<link rel="preconnect" href="https://www.googletagmanager.com">
|
||
<script async src="https://www.googletagmanager.com/gtag/js?id=G-PKGVLETT4C"></script>
|
||
<script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],gtag("js",new Date),gtag("config","G-PKGVLETT4C",{})</script>
|
||
<link rel="preconnect" href="https://www.googletagmanager.com">
|
||
<script>window.dataLayer=window.dataLayer||[]</script>
|
||
<script>!function(e,t,a,n,g){e[n]=e[n]||[],e[n].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});var m=t.getElementsByTagName(a)[0],r=t.createElement(a);r.async=!0,r.src="https://www.googletagmanager.com/gtm.js?id=GTM-5M8T9HNN",m.parentNode.insertBefore(r,m)}(window,document,"script","dataLayer")</script>
|
||
|
||
|
||
<link rel="search" type="application/opensearchdescription+xml" title="DataHub" href="/opensearch.xml">
|
||
|
||
|
||
|
||
|
||
<meta httpequiv="Content-Security-Policy" content="frame-ancestors 'self' https://*.acryl.io https://acryldata.io http://localhost:*">
|
||
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;700&display=swap">
|
||
<script src="https://tools.luckyorange.com/core/lo.js?site-id=28ea8a38" async defer="defer"></script>
|
||
<script src="/scripts/rb2b.js" async defer="defer"></script>
|
||
<script src="https://app.revenuehero.io/scheduler.min.js"></script>
|
||
<script src="https://tag.clearbitscripts.com/v1/pk_2e321cabe30432a5c44c0424781aa35f/tags.js" referrerpolicy="strict-origin-when-cross-origin"></script>
|
||
<script src="/scripts/reo.js"></script>
|
||
<script id="runllm-widget-script" type="module" src="https://widget.runllm.com" crossorigin="true" runllm-name="DataHub" runllm-assistant-id="81" runllm-position="BOTTOM_RIGHT" runllm-keyboard-shortcut="Mod+j" runllm-preset="docusaurus" runllm-theme-color="#1890FF" runllm-brand-logo="https://docs.datahub.com/img/datahub-logo-color-mark.svg" runllm-community-url="https://datahub.com/slack" runllm-community-type="slack" runllm-disable-ask-a-person="true" async></script><link rel="stylesheet" href="/assets/css/styles.d8fe2eb8.css">
|
||
<link rel="preload" href="/assets/js/runtime~main.8ae4198a.js" as="script">
|
||
<link rel="preload" href="/assets/js/main.9d79f7e2.js" as="script">
|
||
</head>
|
||
<body class="navigation-with-keyboard">
|
||
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5M8T9HNN" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
|
||
|
||
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}(),document.documentElement.setAttribute("data-announcement-bar-initially-dismissed",function(){try{return"true"===localStorage.getItem("docusaurus.announcement.dismiss")}catch(t){}return!1}())</script><div id="__docusaurus">
|
||
<div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><div class="announcementBar_mb4j" style="background-color:transparent;color:#ffffff" role="banner"><div class="content_knG7 announcementBarContent_xLdY"><div class="shimmer-banner"><p>DataHub Secures $35 Million Series B</p><a href="https://datahub.com/news/series-b-announcement/" target="_blank" class="button"><div>Read the announcement<span> →</span></div></a></div></div></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a href="https://datahub.com" target="_blank" rel="noopener noreferrer" class="navbar__brand"><div class="navbar__logo"><img src="/img/datahub-logo-color-light-horizontal.svg" alt="DataHub Logo" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/datahub-logo-color-dark-horizontal.svg" alt="DataHub Logo" class="themedImage_ToTc themedImage--dark_i4oU"></div></a><div class="navbar__item dropdown dropdown--hoverable"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link versionNavItem_cbn8">Next</a><ul class="dropdown__menu"><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/docs/authorization/policies">Next</a></li><li><a class="dropdown__link" href="/docs/1.1.0/authorization/policies">1.1.0</a></li><li><hr class="dropdown-separator" style="margin: 0.4rem;"></li><li><div class="dropdown__link"><b>Archived versions</b></div></li><li>
|
||
<a class="dropdown__link" href="https://docs-website-t9sv4w3gr-acryldata.vercel.app/docs/features">1.0.0
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li><li>
|
||
<a class="dropdown__link" href="https://docs-website-t9sv4w3gr-acryldata.vercel.app/docs/0.15.0/features">0.15.0
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li><li>
|
||
<a class="dropdown__link" href="https://docs-website-8jkm4uler-acryldata.vercel.app/docs/0.14.1/features">0.14.1
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li><li>
|
||
<a class="dropdown__link" href="https://docs-website-eue2qafvn-acryldata.vercel.app/docs/features">0.14.0
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li><li>
|
||
<a class="dropdown__link" href="https://docs-website-psat3nzgi-acryldata.vercel.app/docs/features">0.13.1
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li><li>
|
||
<a class="dropdown__link" href="https://docs-website-lzxh86531-acryldata.vercel.app/docs/features">0.13.0
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li><li>
|
||
<a class="dropdown__link" href="https://docs-website-2uuxmgza2-acryldata.vercel.app/docs/features">0.12.1
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li><li>
|
||
<a class="dropdown__link" href="https://docs-website-irpoe2osc-acryldata.vercel.app/docs/features">0.11.0
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li><li>
|
||
<a class="dropdown__link" href="https://docs-website-1gv2yzn9d-acryldata.vercel.app/docs/features">0.10.5
|
||
<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg>
|
||
</a>
|
||
</li></ul></div></div><div class="navbar__items navbar__items--right"><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs">Docs</a><a class="navbar__item navbar__link" href="/integrations">Integrations</a><div class="navbar__item dropdown dropdown--hoverable"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Learn</a><ul class="dropdown__menu dropdown__menu_Z8FC"><div class="wrapper_kp81"><div><a href="https://datahub.com/weekly-demo" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-join-slack.png" alt="Weekly Demo"></div><div class="title_c7DP">Weekly Demo</div></a></div><div><a href="https://datahub.com/use-cases" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-forum.png" alt="Use Cases"></div><div class="title_c7DP">Use Cases</div></a></div><div><a href="httpps://datahub.com/adoption-stories" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-events.png" alt="Adoption Stories"></div><div class="title_c7DP">Adoption Stories</div></a></div><div><a href="https://medium.com/datahub-project" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-champions.png" alt="Blog"></div><div class="title_c7DP">Blog</div></a></div><div><a href="https://www.youtube.com/channel/UC3qFQC5IiwR5fvWEqi_tJ5w" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-share-your-journey.png" alt="Youtube"></div><div class="title_c7DP">Youtube</div></a></div></div></ul></div><div class="navbar__item dropdown dropdown--hoverable"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Community</a><ul class="dropdown__menu dropdown__menu_Z8FC"><div class="wrapper_kp81"><div><a href="https://datahub.com/slack/" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-join-slack.png" alt="Join Slack"></div><div class="title_c7DP">Join Slack</div></a></div><div><a href="https://datahub.com/events" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-events.png" alt="Events"></div><div class="title_c7DP">Events</div></a></div><div><a href="https://datahub.com/champions/" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-champions.png" alt="Champions"></div><div class="title_c7DP">Champions</div></a></div><div><a href="https://datahub.com/share-your-journey/" target="_blank" rel="noopener noreferrer" class="card_BUD7"><div class="icon_BgHd"><img src="/img/icon-share-your-journey.png" alt="Share Your Journey"></div><div class="title_c7DP">Share Your Journey</div></a></div></div></ul></div><a href="https://datahub.com/products/why-datahub-cloud/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">
|
||
<style>
|
||
.cloud-cta {
|
||
color: var(--ifm-menu-color-active);
|
||
font-weight: 600;
|
||
background: linear-gradient(40deg, var(--ifm-menu-color-active), var(--ifm-menu-color-active));
|
||
background-size: 200% 100%;
|
||
-webkit-background-clip: text;
|
||
background-clip: text;
|
||
transition: background-image 0.3s ease;
|
||
}
|
||
.cloud-cta:hover {
|
||
color: transparent;
|
||
background: linear-gradient(40deg, var(--ifm-menu-color-active), #ff1493);
|
||
background-size: 200% 100%;
|
||
-webkit-background-clip: text;
|
||
background-clip: text;
|
||
animation: gradientShift 3s ease infinite;
|
||
}
|
||
@keyframes gradientShift {
|
||
0%, 100% { background-position: 0% 50%; }
|
||
50% { background-position: 100% 50%; }
|
||
}
|
||
</style>
|
||
<div class="cloud-cta">Get Cloud</div>
|
||
</a><a href="https://datahub.com/slack?utm_source=docs&utm_medium=header&utm_campaign=docs_header" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">
|
||
<style>
|
||
.slack-logo:hover {
|
||
opacity: 0.8;
|
||
}
|
||
</style>
|
||
<img class="slack-logo" src="https://upload.wikimedia.org/wikipedia/commons/d/d5/Slack_icon_2019.svg" , alt="slack" , height="20px" style="margin: 10px 0 0 0;">
|
||
</a><div class="searchBox_ZlJk"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebarViewport_Xe31"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG menuWithAnnouncementBar_GW3s"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menuHtmlItem_M9Kj menu__list-item"><div>Getting Started</div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/features">What Is DataHub?</a><button aria-label="Toggle the collapsible sidebar category 'What Is DataHub?'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/category/features">Features</a><button aria-label="Toggle the collapsible sidebar category 'Features'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menuHtmlItem_M9Kj menu__list-item"><div>DataHub Cloud</div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/managed-datahub/managed-datahub-overview">DataHub Cloud Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/managed-datahub/welcome-acryl">Getting Started with DataHub Cloud</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/managed-datahub/upgrade_core_to_cloud">Upgrading from DataHub Core to Cloud</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/authentication/guides/sso/initialize-oidc">Configure Single Sign-On</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/managed-datahub/remote-executor/about">Remote Executor</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/managed-datahub/datahub-api/entity-events-api">DataHub API</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/managed-datahub/slack/saas-slack-app">Slack</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/managed-datahub/operator-guide/setting-up-events-api-on-aws-eventbridge">Operator Guides</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item saasOnly"><a class="menu__link" href="/docs/managed-datahub/approval-workflows">Change Proposals & Approval Workflows</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/managed-datahub/chrome-extension">Cloud Chrome Extension</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item saasOnly"><a class="menu__link" href="/docs/managed-datahub/subscription-and-notification">Subscriptions & Notifications</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/managed-datahub/release-notes/v_0_3_12">DataHub Cloud Release History</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menuHtmlItem_M9Kj menu__list-item"><div>Integrations</div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/metadata-ingestion">Overview</a><button aria-label="Toggle the collapsible sidebar category 'Overview'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/metadata-ingestion/cli-ingestion">Quickstart Guides</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/metadata-ingestion/source_overview">Sources</a><button aria-label="Toggle the collapsible sidebar category 'Sources'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/metadata-ingestion/schedule_docs/intro">Advanced Guides</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menuHtmlItem_M9Kj menu__list-item"><div>API & SDKs</div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/metadata-modeling/metadata-model">DataHub's Open Metadata Standard</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/what-is-datahub/datahub-concepts">Concepts</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/metadata-standards">Metadata Standards</a><button aria-label="Toggle the collapsible sidebar category 'Metadata Standards'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/api/datahub-apis">APIs and SDKs Overview</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/api/graphql/overview">API</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/metadata-ingestion/as-a-library">Python SDK</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/metadata-integration/java/as-a-library">Java SDK</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/cli">DataHub CLI</a><button aria-label="Toggle the collapsible sidebar category 'DataHub CLI'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/act-on-metadata">DataHub Actions</a><button aria-label="Toggle the collapsible sidebar category 'DataHub Actions'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/api/tutorials/datasets">Guides</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menuHtmlItem_M9Kj menu__list-item"><div>Admin</div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/authentication">Authentication</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/authorization">Authorization</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/authorization">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/authorization/roles">Roles</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/authorization/policies">Policies Guide</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/authorization/groups">Authorization using Groups</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/how/delete-metadata">Advanced Guides</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menuHtmlItem_M9Kj menu__list-item"><div>Deployment</div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/category/deployment-guides">Deployment Guides</a><button aria-label="Toggle the collapsible sidebar category 'Deployment Guides'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/deploy/confluent-cloud">Advanced Guides</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menuHtmlItem_M9Kj menu__list-item"><div>Developers</div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/architecture/architecture">Architecture</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/developers">Developing on DataHub</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/advanced/mcp-mcl">Advanced Guides</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menuHtmlItem_M9Kj menu__list-item"><div>Community</div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/category/community">Community</a><button aria-label="Toggle the collapsible sidebar category 'Community'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/releases">Release History</a></div></li></ul></nav></div></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">Authorization</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Policies Guide</span><meta itemprop="position" content="2"></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: Next</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><h1>Policies Guide</h1><h2 class="anchor anchorWithStickyNavbar_LWe7" id="introduction">Introduction<a href="#introduction" class="hash-link" aria-label="Direct link to Introduction" title="Direct link to Introduction"></a></h2><p>DataHub provides the ability to declare fine-grained access control Policies via the UI & GraphQL API.
|
||
Access policies in DataHub define <em>who</em> can <em>do what</em> to <em>which resources</em>. A few policies in plain English include</p><ul><li>Dataset Owners should be allowed to edit documentation, but not Tags.</li><li>Jenny, our Data Steward, should be allowed to edit Tags for any Dashboard, but no other metadata.</li><li>James, a Data Analyst, should be allowed to edit the Links for a specific Data Pipeline he is a downstream consumer of.</li><li>The Data Platform team should be allowed to manage users & groups, view platform analytics, & manage policies themselves.</li></ul><p>In this document, we'll take a deeper look at DataHub Policies & how to use them effectively.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="what-is-a-policy">What is a Policy?<a href="#what-is-a-policy" class="hash-link" aria-label="Direct link to What is a Policy?" title="Direct link to What is a Policy?"></a></h2><p>There are 2 types of Policy within DataHub:</p><ol><li>Platform Policies</li><li>Metadata Policies</li></ol><p>We'll briefly describe each.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="platform-policies">Platform Policies<a href="#platform-policies" class="hash-link" aria-label="Direct link to Platform Policies" title="Direct link to Platform Policies"></a></h3><p><strong>Platform</strong> policies determine who has platform-level privileges on DataHub. These privileges include</p><ul><li>Managing Users & Groups</li><li>Viewing the DataHub Analytics Page</li><li>Managing Policies themselves</li></ul><p>Platform policies can be broken down into 2 parts:</p><ol><li><strong>Actors</strong>: Who the policy applies to (Users or Groups)</li><li><strong>Privileges</strong>: Which privileges should be assigned to the Actors (e.g. "View Analytics")</li></ol><p>Note that platform policies do not include a specific "target resource" against which the Policies apply. Instead,
|
||
they simply serve to assign specific privileges to DataHub users and groups.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="metadata-policies">Metadata Policies<a href="#metadata-policies" class="hash-link" aria-label="Direct link to Metadata Policies" title="Direct link to Metadata Policies"></a></h3><p><strong>Metadata</strong> policies determine who can do what to which Metadata Entities. For example,</p><ul><li>Who can edit Dataset Documentation & Links?</li><li>Who can add Owners to a Chart?</li><li>Who can add Tags to a Dashboard?</li></ul><p>and so on.</p><p>A Metadata Policy can be broken down into 3 parts:</p><ol><li><strong>Resources</strong>: The 'which'. Resources that the policy applies to, e.g. "All Datasets".</li><li><strong>Privileges</strong>: The 'what'. What actions are being permitted by a policy, e.g. "Add Tags".</li><li><strong>Actors</strong>: The 'who'. Specific users, groups that the policy applies to.</li></ol><h4 class="anchor anchorWithStickyNavbar_LWe7" id="resources">Resources<a href="#resources" class="hash-link" aria-label="Direct link to Resources" title="Direct link to Resources"></a></h4><p>Resources can be associated with the policy in a number of ways.</p><ol><li>List of resource types - The entity's type for example: dataset, chart, dashboard</li><li>List of resource URNs</li><li>List of tags</li><li>List of domains</li></ol><div class="theme-admonition theme-admonition-note alert alert--secondary admonition_LlT9"><div class="admonitionHeading_tbUL"><span class="admonitionIcon_kALy"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>Important Note</div><div class="admonitionContent_S0QG"><p>The associations in the list above are an <em>intersection</em> or an <em>AND</em> operation. For example, if the policy targets
|
||
<code>1. resource type: dataset</code> and <code>3. resources tagged: 'myTag'</code>, it will apply to datasets that are tagged with tag 'myTag'.</p></div></div><h4 class="anchor anchorWithStickyNavbar_LWe7" id="privileges">Privileges<a href="#privileges" class="hash-link" aria-label="Direct link to Privileges" title="Direct link to Privileges"></a></h4><p>Check out the list of
|
||
privileges <a href="https://github.com/datahub-project/datahub/blob/master/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java" target="_blank" rel="noopener noreferrer">here</a>
|
||
. Note, the privileges are semantic by nature, and does not tie in 1-to-1 with the aspect model.</p><p>All edits on the UI are covered by a privilege, to make sure we have the ability to restrict write access. See the
|
||
<a href="#Reference">Reference</a> section below.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="actors">Actors<a href="#actors" class="hash-link" aria-label="Direct link to Actors" title="Direct link to Actors"></a></h4><p>We currently support 3 ways to define the set of actors the policy applies to:</p><ol><li>list of users (or all users)</li><li>list of groups (or all groups)</li><li>owners of the entity</li></ol><div class="theme-admonition theme-admonition-note alert alert--secondary admonition_LlT9"><div class="admonitionHeading_tbUL"><span class="admonitionIcon_kALy"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>Important Note</div><div class="admonitionContent_S0QG"><p>Unlike resources, the definitions for actors are a union of the actors. For example, if user <code>1. Alice</code> is associated
|
||
with the policy as well as <code>3. owners of the entity</code>. This means that Alice <em>OR</em> any owner of
|
||
the targeted resource(s) will be included in the policy.</p></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="managing-policies">Managing Policies<a href="#managing-policies" class="hash-link" aria-label="Direct link to Managing Policies" title="Direct link to Managing Policies"></a></h2><p>Policies can be managed on the page <strong>Settings > Permissions > Policies</strong> page. The <code>Policies</code> tab will only
|
||
be visible to those users having the <code>Manage Policies</code> privilege.</p><p>Out of the box, DataHub is deployed with a set of pre-baked Policies. The set of default policies are created at deploy
|
||
time and can be found inside the <code>policies.json</code> file within <code>metadata-service/war/src/main/resources/boot</code>. This set of policies serves the
|
||
following purposes:</p><ol><li>Assigns immutable super-user privileges for the root <code>datahub</code> user account (Immutable)</li><li>Assigns all Platform privileges for all Users by default (Editable)</li></ol><p>The reason for #1 is to prevent people from accidentally deleting all policies and getting locked out (<code>datahub</code> super user account can be a backup)
|
||
The reason for #2 is to permit administrators to log in via OIDC or another means outside of the <code>datahub</code> root account
|
||
when they are bootstrapping with DataHub. This way, those setting up DataHub can start managing policies without friction.
|
||
Note that these privilege <em>can</em> and likely <em>should</em> be altered inside the <strong>Policies</strong> page of the UI.</p><div class="theme-admonition theme-admonition-note alert alert--secondary admonition_LlT9"><div class="admonitionHeading_tbUL"><span class="admonitionIcon_kALy"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>Pro-Tip</div><div class="admonitionContent_S0QG"><p>To login using the <code>datahub</code> account, simply navigate to <code><your-datahub-domain>/login</code> and enter <code>datahub</code>, <code>datahub</code>. Note that the password can be customized for your
|
||
deployment by changing the <code>user.props</code> file within the <code>datahub-frontend</code> module. Notice that JaaS authentication must be enabled.</p></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="configuration">Configuration<a href="#configuration" class="hash-link" aria-label="Direct link to Configuration" title="Direct link to Configuration"></a></h2><p>By default, the Policies feature is <em>enabled</em>. This means that the deployment will support creating, editing, removing, and
|
||
most importantly enforcing fine-grained access policies.</p><p>In some cases, these capabilities are not desirable. For example, if your company's users are already used to having free reign, you
|
||
may want to keep it that way. Or perhaps it is only your Data Platform team who actively uses DataHub, in which case Policies may be overkill.</p><p>For these scenarios, we've provided a back door to disable Policies in your deployment of DataHub. This will completely hide
|
||
the policies management UI and by default will allow all actions on the platform. It will be as though
|
||
each user has <em>all</em> privileges, both of the <strong>Platform</strong> & <strong>Metadata</strong> flavor.</p><p>To disable Policies, you can simply set the <code>AUTH_POLICIES_ENABLED</code> environment variable for the <code>datahub-gms</code> service container
|
||
to <code>false</code>. For example in your <code>docker/datahub-gms/docker.env</code>, you'd place</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">AUTH_POLICIES_ENABLED=false</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="rest-api-authorization">REST API Authorization<a href="#rest-api-authorization" class="hash-link" aria-label="Direct link to REST API Authorization" title="Direct link to REST API Authorization"></a></h3><p>Policies only affect REST APIs when the environment variable <code>REST_API_AUTHORIZATION</code> is set to <code>true</code> for GMS. Some policies only apply when this setting is enabled, marked above, and other Metadata and Platform policies apply to the APIs where relevant, also specified in the table above.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="reference">Reference<a href="#reference" class="hash-link" aria-label="Direct link to Reference" title="Direct link to Reference"></a></h2><p>For a complete list of privileges see the
|
||
privileges <a href="https://github.com/datahub-project/datahub/blob/master/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java" target="_blank" rel="noopener noreferrer">here</a>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="platform-level-privileges">Platform-level privileges<a href="#platform-level-privileges" class="hash-link" aria-label="Direct link to Platform-level privileges" title="Direct link to Platform-level privileges"></a></h3><p>These privileges are for DataHub operators to access & manage the administrative functionality of the system.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="access--credentials">Access & Credentials<a href="#access--credentials" class="hash-link" aria-label="Direct link to Access & Credentials" title="Direct link to Access & Credentials"></a></h4><table><thead><tr><th>Platform Privileges</th><th>Description</th><th></th></tr></thead><tbody><tr><td>Generate Personal Access Tokens</td><td>Allow actor to generate personal access tokens for use with DataHub APIs.</td><td></td></tr><tr><td>Manage Policies</td><td>Allow actor to create and remove access control policies. Be careful - Actors with this privilege are effectively super users.</td><td></td></tr><tr><td>Manage Secrets</td><td>Allow actor to create & remove Secrets stored inside DataHub.</td><td></td></tr><tr><td>Manage Users & Groups</td><td>Allow actor to create, remove, and update users and groups on DataHub.</td><td></td></tr><tr><td>Manage All Access Tokens</td><td>Allow actor to create, list and revoke access tokens on behalf of users in DataHub. Be careful - Actors with this privilege are effectively super users that can impersonate other users.</td><td></td></tr><tr><td>Manage User Credentials</td><td>Allow actor to manage credentials for native DataHub users, including inviting new users and resetting passwords</td><td></td></tr><tr><td>Manage Connections</td><td>Allow actor to manage connections to external DataHub platforms.</td><td></td></tr></tbody></table><h4 class="anchor anchorWithStickyNavbar_LWe7" id="product-features">Product Features<a href="#product-features" class="hash-link" aria-label="Direct link to Product Features" title="Direct link to Product Features"></a></h4><table><thead><tr><th>Platform Privileges</th><th>Description</th></tr></thead><tbody><tr><td>Manage Home Page Posts</td><td>Allow actor to create and delete home page posts</td></tr><tr><td>Manage Business Attribute</td><td>Allow actor to create, update, delete Business Attribute</td></tr><tr><td>Manage Documentation Forms</td><td>Allow actor to manage forms assigned to assets to assist in documentation efforts.</td></tr><tr><td>Manage Metadata Ingestion</td><td>Allow actor to create, remove, and update Metadata Ingestion sources.</td></tr><tr><td>Manage Features</td><td>Umbrella privilege to manage all features.</td></tr><tr><td>View Analytics</td><td>Allow actor to view the DataHub analytics dashboard.</td></tr><tr><td>Manage Public Views</td><td>Allow actor to create, update, and delete any Public (shared) Views.</td></tr><tr><td>Manage Ownership Types</td><td>Allow actor to create, update and delete Ownership Types.</td></tr><tr><td>Create Business Attribute</td><td>Allow actor to create new Business Attribute.</td></tr><tr><td>Manage Structured Properties</td><td>Manage structured properties in your instance.</td></tr><tr><td>View Tests</td><td>View Asset Tests.</td></tr><tr><td>Manage Tests<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to create and remove Asset Tests.</td></tr><tr><td>View Metadata Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to view the requests tab for viewing metadata proposals.</td></tr><tr><td>Create metadata constraints<sup id="fnref-2"><a href="#fn-2" class="footnote-ref">2</a></sup></td><td>Allow actor to create metadata constraints.</td></tr><tr><td>Manage Platform Settings<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to view and change platform-level settings, like integrations & notifications.</td></tr><tr><td>Manage Monitors<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to create, update, and delete any data asset monitors, including Custom SQL monitors. Grant with care.</td></tr><tr><td>View Manage Tags</td><td>Allow the actor to view the Manage Tags page.</td></tr></tbody></table><h4 class="anchor anchorWithStickyNavbar_LWe7" id="entity-management">Entity Management<a href="#entity-management" class="hash-link" aria-label="Direct link to Entity Management" title="Direct link to Entity Management"></a></h4><table><thead><tr><th>Platform Privileges</th><th>Description</th></tr></thead><tbody><tr><td>Manage Domains</td><td>Allow actor to create and remove Asset Domains.</td></tr><tr><td>Manage Glossaries</td><td>Allow actor to create, edit, and remove Glossary Entities</td></tr><tr><td>Manage Tags</td><td>Allow actor to create and remove Tags.</td></tr></tbody></table><h4 class="anchor anchorWithStickyNavbar_LWe7" id="system-management">System Management<a href="#system-management" class="hash-link" aria-label="Direct link to System Management" title="Direct link to System Management"></a></h4><table><thead><tr><th>Platform Privileges</th><th>Description</th><th></th></tr></thead><tbody><tr><td>Restore Indices API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the Restore Indices API.</td><td></td></tr><tr><td>Get Timeseries index sizes API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the get Timeseries indices size API.</td><td></td></tr><tr><td>Truncate timeseries aspect index size API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the API to truncate a timeseries index.</td><td></td></tr><tr><td>Get ES task status API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the get task status API for an ElasticSearch task.</td><td></td></tr><tr><td>Enable/Disable Writeability API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to enable or disable GMS writeability for data migrations.</td><td></td></tr><tr><td>Apply Retention API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to apply retention using the API.</td><td></td></tr><tr><td>Analytics API access<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use API read access to raw analytics data.</td><td></td></tr><tr><td>Explain ElasticSearch Query API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the Operations API explain endpoint.</td><td></td></tr><tr><td>Produce Platform Event API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to produce Platform Events using the API.</td><td></td></tr><tr><td>Manage System Operations</td><td>Allow actor to manage system operation controls. This setting includes all System Management privileges.</td><td></td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="common-metadata-privileges">Common Metadata Privileges<a href="#common-metadata-privileges" class="hash-link" aria-label="Direct link to Common Metadata Privileges" title="Direct link to Common Metadata Privileges"></a></h3><p>These privileges are to view & modify any entity within DataHub.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="entity-privileges">Entity Privileges<a href="#entity-privileges" class="hash-link" aria-label="Direct link to Entity Privileges" title="Direct link to Entity Privileges"></a></h4><table><thead><tr><th>Entity Privileges</th><th>Description</th></tr></thead><tbody><tr><td>View Entity Page</td><td>Allow actor to view the entity page.</td></tr><tr><td>Edit Entity</td><td>Allow actor to edit any information about an entity. Super user privileges for the entity.</td></tr><tr><td>Delete</td><td>Allow actor to delete this entity.</td></tr><tr><td>Create Entity</td><td>Allow actor to create an entity if it doesn't exist.</td></tr><tr><td>Entity Exists</td><td>Allow actor to determine whether the entity exists.</td></tr><tr><td>Execute Entity</td><td>Allow actor to execute entity ingestion.</td></tr><tr><td>Get Timeline API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the GET Timeline API.</td></tr><tr><td>Get Entity + Relationships API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the GET Entity and Relationships API.</td></tr><tr><td>Get Aspect/Entity Count APIs<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the GET Aspect/Entity Count APIs.</td></tr><tr><td>View Entity<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to view the entity in search results.</td></tr><tr><td>Share Entity<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to share an entity with another DataHub Cloud instance.</td></tr></tbody></table><h4 class="anchor anchorWithStickyNavbar_LWe7" id="aspect-privileges">Aspect Privileges<a href="#aspect-privileges" class="hash-link" aria-label="Direct link to Aspect Privileges" title="Direct link to Aspect Privileges"></a></h4><table><thead><tr><th>Aspect Privileges</th><th>Description</th></tr></thead><tbody><tr><td>Edit Tags</td><td>Allow actor to add and remove tags to an asset.</td></tr><tr><td>Edit Glossary Terms</td><td>Allow actor to add and remove glossary terms to an asset.</td></tr><tr><td>Edit Description</td><td>Allow actor to edit the description (documentation) of an entity.</td></tr><tr><td>Edit Links</td><td>Allow actor to edit links associated with an entity.</td></tr><tr><td>Edit Status</td><td>Allow actor to edit the status of an entity (soft deleted or not).</td></tr><tr><td>Edit Domain</td><td>Allow actor to edit the Domain of an entity.</td></tr><tr><td>Edit Data Product</td><td>Allow actor to edit the Data Product of an entity.</td></tr><tr><td>Edit Deprecation</td><td>Allow actor to edit the Deprecation status of an entity.</td></tr><tr><td>Edit Incidents</td><td>Allow actor to create and remove incidents for an entity.</td></tr><tr><td>Edit Lineage</td><td>Allow actor to add and remove lineage edges for this entity.</td></tr><tr><td>Edit Properties</td><td>Allow actor to edit the properties for an entity.</td></tr><tr><td>Edit Owners</td><td>Allow actor to add and remove owners of an entity.</td></tr><tr><td>Get Timeseries Aspect API<sup id="fnref-3"><a href="#fn-3" class="footnote-ref">3</a></sup></td><td>Allow actor to use the GET Timeseries Aspect API.</td></tr></tbody></table><h4 class="anchor anchorWithStickyNavbar_LWe7" id="proposals">Proposals<a href="#proposals" class="hash-link" aria-label="Direct link to Proposals" title="Direct link to Proposals"></a></h4><table><thead><tr><th>Proposals Privileges</th><th>Description</th></tr></thead><tbody><tr><td>Propose Tags<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose adding a tag to an asset.</td></tr><tr><td>Propose Glossary Terms<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose adding a glossary term to an asset.</td></tr><tr><td>Propose Owners<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose adding an owner to an asset.</td></tr><tr><td>Propose Domains<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose adding a domain to an asset.</td></tr><tr><td>Propose Data Contract<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose adding a data contract to a dataset.</td></tr><tr><td>Propose Structured properties<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose adding a structured property to an asset.</td></tr><tr><td>Propose Documentation<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose updates to an asset's documentation.</td></tr><tr><td>Propose Dataset Column Glossary Terms<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose a glossary term to a dataset schema column (field).</td></tr><tr><td>Propose Dataset Column Tags<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose a tag to a dataset schema column (field).</td></tr><tr><td>Propose Dataset Column Descriptions<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose a updates to dataset's schema column (field) description</td></tr><tr><td>Propose Dataset Column Structured Properties<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose a structured property to a dataset schema column (field).</td></tr><tr><td>Propose Create Glossary Term<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose creation of a new glossary term.</td></tr><tr><td>Propose Create Glossary Node<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose creation of a new glossary node.</td></tr><tr><td>Manage Tag Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add a tag to an asset.</td></tr><tr><td>Manage Glossary Term Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add a glossary term to an asset.</td></tr><tr><td>Manage Domain Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add a domain to an asset.</td></tr><tr><td>Manage Owner Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add an owner to an asset.</td></tr><tr><td>Manage Property Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add a structured property to an asset.</td></tr><tr><td>Manage Data Contract Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add a data contract to a dataset.</td></tr><tr><td>Manage Documentation Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage updates to asset's documentation.</td></tr><tr><td>Manage Dataset Column Tag Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add a tag to dataset schema field (column).</td></tr><tr><td>Manage Dataset Column Glossary Term Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add a glossary term to dataset schema field (column).</td></tr><tr><td>Manage Dataset Column Property Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal to add a structured property to dataset schema field (column).</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="specific-entity-level-privileges">Specific Entity-level Privileges<a href="#specific-entity-level-privileges" class="hash-link" aria-label="Direct link to Specific Entity-level Privileges" title="Direct link to Specific Entity-level Privileges"></a></h3><p>These privileges are not generalizable.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="users--groups">Users & Groups<a href="#users--groups" class="hash-link" aria-label="Direct link to Users & Groups" title="Direct link to Users & Groups"></a></h4><table><thead><tr><th>Entity</th><th>Privilege</th><th>Description</th></tr></thead><tbody><tr><td>Group</td><td>Edit Group Members</td><td>Allow actor to add and remove members to a group.</td></tr><tr><td>Group</td><td>Manage Group Notification Settings<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage notification settings for a group.</td></tr><tr><td>Group</td><td>Manage Group Subscriptions<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage subscriptions for a group.</td></tr><tr><td>Group</td><td>Edit Contact Information</td><td>Allow actor to change the contact information such as email & chat handles.</td></tr><tr><td>User</td><td>Edit Contact Information</td><td>Allow actor to change the contact information such as email & chat handles.</td></tr><tr><td>User</td><td>Edit User Profile</td><td>Allow actor to change the user's profile including display name, bio, title, profile image, etc.</td></tr></tbody></table><h4 class="anchor anchorWithStickyNavbar_LWe7" id="dataset">Dataset<a href="#dataset" class="hash-link" aria-label="Direct link to Dataset" title="Direct link to Dataset"></a></h4><table><thead><tr><th>Entity</th><th>Privilege</th><th>Description</th></tr></thead><tbody><tr><td>Dataset</td><td>View Dataset Usage</td><td>Allow actor to access dataset usage information (includes usage statistics and queries).</td></tr><tr><td>Dataset</td><td>View Dataset Profile</td><td>Allow actor to access dataset profile (snapshot statistics)</td></tr><tr><td>Dataset</td><td>Edit Dataset Column Descriptions</td><td>Allow actor to edit the column (field) descriptions associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Edit Dataset Column Tags</td><td>Allow actor to edit the column (field) tags associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Edit Dataset Column Glossary Terms</td><td>Allow actor to edit the column (field) glossary terms associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Edit Dataset Column Properties</td><td>Allow actor to edit the column (field) properties associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Propose Dataset Column Glossary Terms<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose column (field) glossary terms associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Propose Dataset Column Tags<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose new column (field) tags associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Manage Dataset Column Glossary Terms<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage column (field) glossary term proposals associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Propose Dataset Column Descriptions<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to propose new descriptions associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Manage Dataset Column Tag Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage column (field) tag proposals associated with a dataset schema.</td></tr><tr><td>Dataset</td><td>Edit Assertions</td><td>Allow actor to add and remove assertions from an entity.</td></tr><tr><td>Dataset</td><td>Edit Dataset Queries</td><td>Allow actor to edit the Queries for a Dataset.</td></tr><tr><td>Dataset</td><td>View Dataset Operations</td><td>Allow actor to view operations on a Dataset.</td></tr><tr><td>Dataset</td><td>Create erModelRelationship</td><td>Allow actor to add erModelRelationship on a dataset.</td></tr><tr><td>Dataset</td><td>Edit Monitors<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to edit monitors for the entity.</td></tr><tr><td>Dataset</td><td>Edit SQL Assertion Monitors<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to edit custom SQL assertion monitors for the entity. Note that this gives read query access to users with through the Custom SQL assertion builder. Grant with care.</td></tr><tr><td>Dataset</td><td>Edit Data Contract<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to edit the Data Contract for an entity.</td></tr><tr><td>Dataset</td><td>Manage Data Contract Proposals<sup id="fnref-1"><a href="#fn-1" class="footnote-ref">1</a></sup></td><td>Allow actor to manage a proposal for a Data Contract</td></tr><tr><td>Tag</td><td>Edit Tag Color</td><td>Allow actor to change the color of a Tag.</td></tr><tr><td>Domain</td><td>Manage Data Products</td><td>Allow actor to create, edit, and delete Data Products within a Domain</td></tr><tr><td>GlossaryNode</td><td>Manage Direct Glossary Children</td><td>Allow actor to create and delete the direct children of this entity.</td></tr><tr><td>GlossaryNode</td><td>Manage All Glossary Children</td><td>Allow actor to create and delete everything underneath this entity.</td></tr></tbody></table><h4 class="anchor anchorWithStickyNavbar_LWe7" id="misc">Misc<a href="#misc" class="hash-link" aria-label="Direct link to Misc" title="Direct link to Misc"></a></h4><table><thead><tr><th>Entity</th><th>Privilege</th><th>Description</th></tr></thead><tbody><tr><td>Tag</td><td>Edit Tag Color</td><td>Allow actor to change the color of a Tag.</td></tr><tr><td>Domain</td><td>Manage Data Products</td><td>Allow actor to create, edit, and delete Data Products within a Domain</td></tr><tr><td>GlossaryNode</td><td>Manage Direct Glossary Children</td><td>Allow actor to create and delete the direct children of this entity.</td></tr><tr><td>GlossaryNode</td><td>Manage All Glossary Children</td><td>Allow actor to create and delete everything underneath this entity.</td></tr></tbody></table><h2 class="anchor anchorWithStickyNavbar_LWe7" id="coming-soon">Coming Soon<a href="#coming-soon" class="hash-link" aria-label="Direct link to Coming Soon" title="Direct link to Coming Soon"></a></h2><h3 class="anchor anchorWithStickyNavbar_LWe7" id="experimental">Experimental<a href="#experimental" class="hash-link" aria-label="Direct link to Experimental" title="Direct link to Experimental"></a></h3><p>Support for Policy Constraints based on entity sub-resources (tags, glossary terms, domains, containers, etc.) is currently in development and in an experimental phase.</p><p>Currently the only supported sub-resources are tags. These are supported through an additional parameter in DataHubPolicyInfo which is currently only modifiable via API, there is no UI option to configure it. Specifically the
|
||
option is <code>privilegeConstraints</code> which takes a <code>PolicyMatchFilter</code> within the existing <code>DataHubResourceFilter</code> for a policy. This works similarly to the existing resource filter, but instead of applying to the main entity being acted on
|
||
it applies to the subResource targeted in the action. For example, if the policy specifies it is constrained to tags that equal <code>urn:li:tag:tag1</code> or <code>urn:li:tag:tag2</code> for <code>EDIT_DATASET_TAGS</code> privilege, then assuming no other policies match,
|
||
a user would only be able to apply those tags to the dataset. This is also supported with the <code>NOT_EQUALS</code> condition for preventing certain tags from being added/removed. These policies apply by default in the UI and can be configured to apply
|
||
to API operations as well through the <code>MCP_VALIDATION_PRIVILEGE_CONSTRAINTS</code> environment variable which should be applied globally (GMS, MCE Consumer, and DataHub Upgrade specifically), which is enabled by default.</p><p>Example JSON of a policy with constraints:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"actors"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"resourceOwners"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">false</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"groups"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"allGroups"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">false</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"allUsers"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">false</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"users"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">"urn:li:corpuser:ryan@email.com"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"lastUpdatedTimestamp"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token number" style="color:rgb(247, 140, 108)">0</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"privileges"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">"EDIT_ENTITY_TAGS"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">"EDIT_DATASET_COL_TAGS"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"editable"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">true</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"displayName"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">"Ryan Policy"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"resources"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"filter"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"> </span><span class="token property">"criteria"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"allResources"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">false</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"privilegeConstraints"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"criteria"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"field"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">"URN"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"condition"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">"EQUALS"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"values"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">"urn:li:tag:PII"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">"urn:li:tag:Business Critical"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"description"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">""</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"state"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">"ACTIVE"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">"type"</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">"METADATA"</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><div class="language-graphql codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-graphql codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token keyword" style="font-style:italic">mutation</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property-query property-mutation property-mutation">createPolicy</span><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">input</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">type</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token constant" style="color:rgb(130, 170, 255)">METADATA</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">name</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token description string" style="color:rgb(195, 232, 141)">"</span><span class="token description string language-markdown" style="color:rgb(195, 232, 141)">my-policy</span><span class="token description string" style="color:rgb(195, 232, 141)">"</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">state</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token constant" style="color:rgb(130, 170, 255)">ACTIVE</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">description</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token description string" style="color:rgb(195, 232, 141)">"</span><span class="token description string language-markdown" style="color:rgb(195, 232, 141)">My policy</span><span class="token description string" style="color:rgb(195, 232, 141)">"</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">privileges</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">"EDIT_ENTITY_TAGS"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">actors</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">allUsers</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">true</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">users</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">groups</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">resourceOwners</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">true</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">allGroups</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">true</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">resources</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">allResources</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">true</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">resources</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">filter</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">criteria</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">policyConstraints</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">criteria</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">field</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token description string" style="color:rgb(195, 232, 141)">"</span><span class="token description string language-markdown" style="color:rgb(195, 232, 141)">URN</span><span class="token description string" style="color:rgb(195, 232, 141)">"</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">values</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">"urn:li:tag:PII"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">"urn:li:tag:Business Critical"</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token attr-name" style="color:rgb(255, 203, 107)">condition</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token constant" style="color:rgb(130, 170, 255)">EQUALS</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="feedback--questions--concerns">Feedback / Questions / Concerns<a href="#feedback--questions--concerns" class="hash-link" aria-label="Direct link to Feedback / Questions / Concerns" title="Direct link to Feedback / Questions / Concerns"></a></h2><p>We want to hear from you! For any inquiries, including Feedback, Questions, or Concerns, reach out on Slack!</p><div class="footnotes"><hr><ol><li id="fn-1">DataHub Cloud only<a href="#fnref-1" class="footnote-backref">↩</a></li><li id="fn-2">Deprecated feature<a href="#fnref-2" class="footnote-backref">↩</a></li><li id="fn-3">Only active if REST_API_AUTHORIZATION_ENABLED is true<a href="#fnref-3" class="footnote-backref">↩</a></li></ol></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="slackUtm_uoBr"><div class="slackUtm_uoBr"><hr>Need more help? Join the conversation in <a href="https://datahub.com/slack?utm_source=docs&utm_medium=footer&utm_campaign=docs_footer&utm_content=docs/authorization/policies">Slack!</a></div></div><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/datahub-project/datahub/blob/master/docs/authorization/policies.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_VsjB"></div></div></footer><div class="feedbackWrapper_mUHF"><div class="feedbackWidget_PX4d"><div class="feedbackButtons_wn3V"><strong>Is this page helpful?</strong><div><button class="feedbackButton_UgQs"><span role="img" aria-label="like" class="anticon anticon-like"><svg viewBox="64 64 896 896" focusable="false" data-icon="like" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M885.9 533.7c16.8-22.2 26.1-49.4 26.1-77.7 0-44.9-25.1-87.4-65.5-111.1a67.67 67.67 0 00-34.3-9.3H572.4l6-122.9c1.4-29.7-9.1-57.9-29.5-79.4A106.62 106.62 0 00471 99.9c-52 0-98 35-111.8 85.1l-85.9 311H144c-17.7 0-32 14.3-32 32v364c0 17.7 14.3 32 32 32h601.3c9.2 0 18.2-1.8 26.5-5.4 47.6-20.3 78.3-66.8 78.3-118.4 0-12.6-1.8-25-5.4-37 16.8-22.2 26.1-49.4 26.1-77.7 0-12.6-1.8-25-5.4-37 16.8-22.2 26.1-49.4 26.1-77.7-.2-12.6-2-25.1-5.6-37.1zM184 852V568h81v284h-81zm636.4-353l-21.9 19 13.9 25.4a56.2 56.2 0 016.9 27.3c0 16.5-7.2 32.2-19.6 43l-21.9 19 13.9 25.4a56.2 56.2 0 016.9 27.3c0 16.5-7.2 32.2-19.6 43l-21.9 19 13.9 25.4a56.2 56.2 0 016.9 27.3c0 22.4-13.2 42.6-33.6 51.8H329V564.8l99.5-360.5a44.1 44.1 0 0142.2-32.3c7.6 0 15.1 2.2 21.1 6.7 9.9 7.4 15.2 18.6 14.6 30.5l-9.6 198.4h314.4C829 418.5 840 436.9 840 456c0 16.5-7.2 32.1-19.6 43z"></path></svg></span></button><button class="feedbackButton_UgQs"><span role="img" aria-label="dislike" class="anticon anticon-dislike"><svg viewBox="64 64 896 896" focusable="false" data-icon="dislike" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M885.9 490.3c3.6-12 5.4-24.4 5.4-37 0-28.3-9.3-55.5-26.1-77.7 3.6-12 5.4-24.4 5.4-37 0-28.3-9.3-55.5-26.1-77.7 3.6-12 5.4-24.4 5.4-37 0-51.6-30.7-98.1-78.3-118.4a66.1 66.1 0 00-26.5-5.4H144c-17.7 0-32 14.3-32 32v364c0 17.7 14.3 32 32 32h129.3l85.8 310.8C372.9 889 418.9 924 470.9 924c29.7 0 57.4-11.8 77.9-33.4 20.5-21.5 31-49.7 29.5-79.4l-6-122.9h239.9c12.1 0 23.9-3.2 34.3-9.3 40.4-23.5 65.5-66.1 65.5-111 0-28.3-9.3-55.5-26.1-77.7zM184 456V172h81v284h-81zm627.2 160.4H496.8l9.6 198.4c.6 11.9-4.7 23.1-14.6 30.5-6.1 4.5-13.6 6.8-21.1 6.7a44.28 44.28 0 01-42.2-32.3L329 459.2V172h415.4a56.85 56.85 0 0133.6 51.8c0 9.7-2.3 18.9-6.9 27.3l-13.9 25.4 21.9 19a56.76 56.76 0 0119.6 43c0 9.7-2.3 18.9-6.9 27.3l-13.9 25.4 21.9 19a56.76 56.76 0 0119.6 43c0 9.7-2.3 18.9-6.9 27.3l-14 25.5 21.9 19a56.76 56.76 0 0119.6 43c0 19.1-11 37.5-28.8 48.4z"></path></svg></span></button></div></div></div></div></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/authorization/roles"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Roles</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/authorization/groups"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Authorization using Groups</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#introduction" class="table-of-contents__link toc-highlight">Introduction</a></li><li><a href="#what-is-a-policy" class="table-of-contents__link toc-highlight">What is a Policy?</a><ul><li><a href="#platform-policies" class="table-of-contents__link toc-highlight">Platform Policies</a></li><li><a href="#metadata-policies" class="table-of-contents__link toc-highlight">Metadata Policies</a></li></ul></li><li><a href="#managing-policies" class="table-of-contents__link toc-highlight">Managing Policies</a></li><li><a href="#configuration" class="table-of-contents__link toc-highlight">Configuration</a><ul><li><a href="#rest-api-authorization" class="table-of-contents__link toc-highlight">REST API Authorization</a></li></ul></li><li><a href="#reference" class="table-of-contents__link toc-highlight">Reference</a><ul><li><a href="#platform-level-privileges" class="table-of-contents__link toc-highlight">Platform-level privileges</a></li><li><a href="#common-metadata-privileges" class="table-of-contents__link toc-highlight">Common Metadata Privileges</a></li><li><a href="#specific-entity-level-privileges" class="table-of-contents__link toc-highlight">Specific Entity-level Privileges</a></li></ul></li><li><a href="#coming-soon" class="table-of-contents__link toc-highlight">Coming Soon</a><ul><li><a href="#experimental" class="table-of-contents__link toc-highlight">Experimental</a></li></ul></li><li><a href="#feedback--questions--concerns" class="table-of-contents__link toc-highlight">Feedback / Questions / Concerns</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Docs</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/">Introduction</a></li><li class="footer__item"><a class="footer__link-item" href="/docs/quickstart">Quickstart</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://datahub.com/slack" target="_blank" rel="noopener noreferrer" class="footer__link-item">Slack<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://www.youtube.com/channel/UC3qFQC5IiwR5fvWEqi_tJ5w" target="_blank" rel="noopener noreferrer" class="footer__link-item">YouTube<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://medium.com/datahub-project" target="_blank" rel="noopener noreferrer" class="footer__link-item">Blog<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a class="footer__link-item" href="/docs/townhalls">Town Halls</a></li><li class="footer__item"><a href="https://datahub.com/adoption-stories/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Adoption<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://demo.datahub.com/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Demo</a></li><li class="footer__item"><a href="https://feature-requests.datahubproject.io/roadmap" target="_blank" rel="noopener noreferrer" class="footer__link-item">Roadmap<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a class="footer__link-item" href="/docs/contributing">Contributing</a></li><li class="footer__item"><a href="https://github.com/datahub-project/datahub" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://feature-requests.datahubproject.io/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Feature Requests<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2015-2025 DataHub Project Authors.</div></div></div></footer></div>
|
||
<script src="/assets/js/runtime~main.8ae4198a.js"></script>
|
||
<script src="/assets/js/main.9d79f7e2.js"></script>
|
||
</body>
|
||
</html> |