Required permissions for Unified Data Classification

The following tables show the roles and permissions required to use Unified Data Classification.

Permissions to manage data classes

Action	Global Permission (*)
View data classes This means clicking the Data Classification tab in the Stewardship application and viewing data class details.	Product rights > Catalog () Product rights > Data Stewardship Manager () Classification > Data Classes > Read
Add data classes	Product rights > Catalog () Product rights > Data Stewardship Manager () Classification > Data Classes > Read Classification > Data Classes > Add
Import data classes	Product rights > Catalog () Product rights > Data Stewardship Manager () Classification > Data Classes > Read Classification > Data Classes > Add Classification > Data Classes > Update
Edit data classes	Product rights > Catalog () Product rights > Data Stewardship Manager () Classification > Data Classes > Read Classification > Data Classes > Update
Delete data classes	Product rights > Catalog () Product rights > Data Stewardship Manager () Classification > Data Classes > Read Classification > Data Classes > Remove
Merge data classes	Product rights > Catalog () Product rights > Data Stewardship Manager () Classification > Data Classes > Read Classification > Data Classes > Add Classification > Data Classes > Update Classification > Data Classes > Remove

(*) As a user, you need a role that has these global permissions.
(**) This permission is not needed when using the REST API.

Permissions to classify data

Action	Global Role	Global Permission	Resource Permission ()(*)
Manually classify columns This means manually adding a classification to a Column asset.	Catalog	Product rights > Catalog Classification > Data Classes > Read Classification > Data Classes > Add, if you create a new data class manually while adding a classification.	Asset > Attribute > Add Asset > Attribute > Update
Automatically classify columns, tables, schemas, or databases	Catalog	Product rights > Catalog Classification > Classify Edge > View Edge connections and capabilities	Asset > Attribute > Add Asset > Attribute > Update Asset > Attribute > Remove
Accept or reject a classification	Catalog	Product rights > Catalog	Asset > Attribute > Update

Action

Global Role

Global Permission

Resource Permission (*)(**)

Manually classify columns
This means manually adding a classification to a Column asset.

Catalog

Product rights > Catalog

Classification > Data Classes > Read

Classification > Data Classes > Add, if you create a new data class manually while adding a classification.

Asset > Attribute > Add

Asset > Attribute > Update

Automatically classify columns, tables, schemas, or databases

Catalog

Product rights > Catalog

Classification > Classify

Edge > View Edge connections and capabilities

Asset > Attribute > Add

Asset > Attribute > Update

Asset > Attribute > Remove

Accept or reject a classification

Catalog

Product rights > Catalog

Asset > Attribute > Update

(*) As a user, you need a role that has these resource permissions for all involved column assets.
(**) You also need the View permission on all assets that you want to classify.
For example, if you start the classification from a Table, you need the View permission on the table and on the related columns.
image of View permission