Required permissions for Unified Data Classification

The following tables show the required roles and permissions to use the Unified Data Classification feature.

Permissions to manage data classes

Action	Global Permission (*)
View data classes This means: Open the Data Classification tab and view data class details. The Classification > Data Classes > Read permission is not enforced yet to open the Data Classification page in Stewardship.	Product rights > Catalog (**) Classification > Data Classes > Read
Add data classes	Product rights > Catalog (**) Classification > Data Classes > Read Classification > Data Classes > Add
Import data classes	Product rights > Catalog (**) Classification > Data Classes > Read Classification > Data Classes > Add Classification > Data Classes > Update
Edit data classes	Product rights > Catalog (**) Classification > Data Classes > Read Classification > Data Classes > Update
Delete data classes	Product rights > Catalog (**) Classification > Data Classes > Read Classification > Data Classes > Remove

(*) As a user, you need a role that has these global permissions.
(**) This permission is not needed when using the REST API.

Permissions to classify data

Action	Global Role	Global Permission	Resource Permission ()(*)
Manually classify columns This means manually adding a classification to a Column asset.	Catalog	Product rights > Catalog Classification > Data Classes > Add, if you create a new data class manually while adding a classification.	Asset > Attribute > Add Asset > Attribute > Update
Automatically classify columns, tables, schemas, or databases	Catalog	Product rights > Catalog Classification > Classify	Asset > Attribute > Add Asset > Attribute > Update Asset > Attribute > Remove
Accept or reject a classification	Catalog	Product rights > Catalog	Asset > Attribute > Update

Action

Global Role

Global Permission

Resource Permission (*)(**)

Manually classify columns
This means manually adding a classification to a Column asset.

Catalog

Product rights > Catalog

Classification > Data Classes > Add, if you create a new data class manually while adding a classification.

Asset > Attribute > Add

Asset > Attribute > Update

Automatically classify columns, tables, schemas, or databases

Catalog

Product rights > Catalog

Classification > Classify

Asset > Attribute > Add

Asset > Attribute > Update

Asset > Attribute > Remove

Accept or reject a classification

Catalog

Product rights > Catalog

Asset > Attribute > Update

(*) As a user, you need a role that has these resource permissions for all involved column assets.
(**) You also need View permission on all assets that you want to classify.
For example: If you start the classification from a Table, you need View permission on the table and on the related columns.