Create data access rule

A data access rule creates an additional layer of protection by managing access and enhancing protection for specific usages.

When creating a data access rule, you can do one of the following:

Create a draft of the rule. This action doesn't start the synchronization (sync), allowing you to work on the rule later. The sync status of a draft rule is Draft.
Publish the rule. This action starts the sync, sending the rule to the source. The sync status of a published rule is initially Pending, and it changes to Active if the sync is successful.

Prerequisites

You have a global role that has the Protect > Edit or Protect > Administration global permission.
You have the Catalog global role. This role is required to view data classifications for selection in a data access rule.
Protect groups are created.

Steps

OpenProtect.
Click the Data Access Rules tab.
Click Create Data Access Rule.
The Data Access Rule dialog box appears.

Enter the required information.

Field	Description
Name	Enter a name to identify the rule.
Optional: Description	Enter a description for the rule.
Groups	Select the groups for the rule.
Assets	Select the data assets that the rule is protecting. Tip This field contains Business Process, Data Category, and Data Set assets, in addition to assets of custom asset types. For more information, go to Prescriptive paths.
Optional: Mask Data	Click Add Masking, and then, in the Masking Option field, select the masking level that you want to apply to a data category or data classification. Click Data Category or Data Classification, and then select the data category or data classification for the selected masking level. Tip You can add more data categories and data classifications by using Add Another Masking. If the association between the data classification and a column is not yet accepted, the rule ignores the column.
Optional: Filter Data	Click Add Filter, and then, in the Filter Action field, select the row filter that you want to apply to a data classification with a specific code set and code value. Tip The following steps are applicable only if you selected Show Some or Hide Some. In the Data Classification field, select the data classification that you want to show or hide. In the Code Set field, select the code set for the selected data classification. In the Code Value field, select the code value for the selected code set. Tip You can add more data classifications for row-filtering by using Add Another Filter.

The Summary section shows a summary of the rule.

Tip The Grant Access to Data Linked to Selected Assets checkbox is applicable to only certain data sources. For more information, go to Grant access to linked data.

Image of the Data Access Rule dialog box

To preview the rule, in the Summary section, click Generate Preview.
Tip The preview shows only the first 1,000 affected columns. The drop-down list box below the Generate Preview button is used to switch between the assets that you selected in the rule. Each asset has its own preview table.
Click Create Draft or Publish.