Required permissions for Unified Data Classification
The following tables show the required roles and permissions to use the Unified Data Classification feature.
Permissions to manage data classes
Action |
Global Permission (*) |
---|---|
View data classes
|
Product rights > Catalog (**) Classification > Data Classes > Read |
Add data classes |
Product rights > Catalog (**) Classification > Data Classes > Read Classification > Data Classes > Add |
Import data classes |
Product rights > Catalog (**) Classification > Data Classes > Read Classification > Data Classes > Add Classification > Data Classes > Update |
Edit data classes |
Product rights > Catalog (**) Classification > Data Classes > Read Classification > Data Classes > Update |
Delete data classes |
Product rights > Catalog (**) Classification > Data Classes > Read Classification > Data Classes > Remove |
(*) As a user, you need a role that has these global permissions.
(**) This permission is not needed when using the REST API.
Permissions to classify data
Action |
Global Role |
Global Permission |
Resource Permission (*)(**) |
---|---|---|---|
Manually classify columns
This means manually adding a classification to a Column asset. |
Catalog |
Product rights > Catalog Classification > Data Classes > Add, if you create a new data class manually while adding a classification. |
Asset > Attribute > Add Asset > Attribute > Update |
Automatically classify columns, tables, schemas, or databases | Catalog |
Product rights > Catalog Classification > Classify |
Asset > Attribute > Add Asset > Attribute > Update Asset > Attribute > Remove |
Accept or reject a classification | Catalog |
Product rights > Catalog |
Asset > Attribute > Update |
(*) As a user, you need a role that has these resource permissions for all involved column assets.
(**) You also need View permission on all assets that you want to classify.
For example: If you start the classification from a Table, you need View permission on the table and on the related columns.