Dataphin:Data permission configuration

Permission description

Only security administrators have the authority to add, modify, or remove data permission policies.

Usage instructions

• Approval rules are limited to a maximum of 50 entries.

• You can configure whether permissions are requestable based on criteria such as rule range (project, data module), environment, table type, security level, and permission type. If requestable, you may select from the system's built-in approval template, opt for automatic system approval, or customize the approval template.

• The approval template's process, nodes, and approvers are modifiable. For details on viewing or customizing approval templates, see view built-in approval templates, , create and manage approval templates, .

Add approval rules

1. Navigate to the Dataphin home page and single click the Management Center in the top menu bar.

2. Proceed as shown in the figure below to access the Add Approval Rules dialog box.

   

3. Within the Add Approval Rules dialog box, set the parameters as follows:

   Parameter	Description
   Rule Range	Choose between Project or Module as the rule range.
   Project	When setting the rule scope to a project level, select either All Projects or Specified Projects. All Projects: New projects will automatically adhere to this approval rule. Specified Projects: Allows selection of multiple projects.
   Module	When setting the rule range to module, select either All Modules or Specified Modules. All Modules: New modules will automatically adhere to this approval rule. Specified Modules: Allows selection of multiple modules. Note All modules include tables under unbound modules. Modules must have the intelligent R&D version enabled.
   Environment	Select from the Production or Development environments. The Basic environment is considered as production.
   Table Type	Choose from Logical Table, Logical View, Logical Tag Table, Physical Table, View, Meta Table, and Mirror Table. Note that enabling the intelligent R&D version is required for logical tables and views, the data distilling module for logical tag tables, and the real-time R&D module for meta and mirror tables.
   Permission Type	Available permissions vary by table type. The following details the permissions for each type: For Logical Table, Logical View, Logical Tag Table, and View: Only Select permission is supported. For Physical Table: Select, Write, Delete, and Alter permissions are supported. For Meta Table and Mirror Table: Select and Write permissions are supported. When all table types are selected, Select, Write, Delete, and Alter permissions are supported.
   Security Level	You may select either All Levels or Specified Levels. For guidance on creating data security levels, refer to and manage data classification. All Levels: New levels will automatically adhere to this approval rule. Specified Levels: Allows selection of multiple levels. Important The data classification levels of data tables range from low to high as L1, L2, L3, L4 (public to top secret), and custom data classifications. Selecting all levels may result in automatic authorization of higher-level fields added later. It is advisable to specify levels to prevent unintended permissions. The data security module must be enabled to use security levels.
   Permission Request	Set to either Enable or Disable. If permission requests are disabled, any requests will be automatically disregarded. If permission requests are enabled, an approval template must be selected. Options include Project Administrator Approval, Module Administrator Approval, Security Administrator Approval, Resource Owner Approval, and Exempt Approval, System Automatically Approves. Custom approval templates are also supported. For instructions on customizing templates, see create and manage approval templates, .

4. Click OK to finalize the addition of the approval rule.

View the list of permission approval rules

Once permission approval rules are configured, they can be edited or deleted from the list of rules.