Access Policies are how you implement your metadata governance rules in dScribe. They define who can contribute to the documentation of assets, who can perform administration activities, and who can see restricted assets.
Each Access Policy is a bundle of one or more permissions. Access Policies are assigned to teams, and every user inside a team inherits the policy's permissions. See User management for how to set up users and teams.
No policy required for the basics: Searching for non-restricted assets and adding comments don't require any Access Policy. Every user can do these out of the box.
Our recommendation: At dScribe, we believe metadata should be as open as possible. We won't stop you from locking things down, but keeping your security setup simple is almost always the right call — broad discoverability helps adoption, and adoption is what makes a catalog valuable.
There are three types of Access Policies:
Discovery Policy — controls who can see restricted assets.
Contribution Policy — controls who can contribute to documentation.
Organization Policy — controls who can access the admin portal and which parts of it.
Discovery Policy
By default, every asset in dScribe is freely discoverable by every user. If you need to restrict the discoverability of specific assets, you create one or more Discovery Policies.
Each Discovery Policy represents a category of restricted assets — for example, "Highly Sensitive". When an asset is associated with a Discovery Policy, it's only visible to users who have that same Discovery Policy assigned to them. Discovery-restricted assets are marked in the catalog with an incognito icon.
To associate assets with a Discovery Policy, a user needs the Restrict Discovery permission (granted via a Contribution Policy, see below). Users can only associate assets with Discovery Policies they themselves have access to.
Best practice: Broad discoverability supports adoption across the organization and increases the value users get out of the catalog. Since no actual data is exposed by being listed in dScribe, we recommend keeping your use of Discovery Policies to a minimum — reserve it for genuinely sensitive content.
Contribution Policy
A Contribution Policy defines who can contribute to the documentation of assets in dScribe. It can grant any combination of these permissions:
Create — create new assets.
Edit — edit the description, properties, and relations of existing assets.
Delete — delete an asset.
Restrict Discovery — associate an asset with an existing Discovery Policy. Users can only restrict assets to Discovery Policies that have been assigned to them.
Scoping permissions to a context
Each of these permissions can be restricted to a specific context, so users can only act within their area of responsibility. The first level of scoping is by asset type — you can, for example, allow a team to edit Reports but not Datasets.
You can scope further using security-enabled properties. If a property like Domain has been enabled as a security property, you can grant a team the right to edit assets where Domain = Sales only. See security-enabled properties in the Custom properties article for setup details.
Good to know: Scoping a Contribution permission by a security property does not exclude assets that don't yet have a value for that property. In the example above, a team scoped to Domain = Sales will also be able to edit assets where Domain is still Unassigned.
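The Discovery Policy visibility rule and the Contribution Policy scoping rules above, including the Unassigned caveat, modelled as an added Python example. This is not dScribe code or its API: `Grant`, `Team`, `Asset` and every function name are hypothetical, the sample data is constructed, and the model assumes at most one Discovery Policy per asset.

```python
# Toy model of this page's rules; names are hypothetical (not dScribe's API), data is constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:                      # one permission inside a Contribution Policy
    permission: str               # "Create", "Edit", "Delete" or "Restrict Discovery"
    asset_type: str               # first level of scoping
    prop: Optional[str] = None    # security-enabled property, e.g. "Domain"
    value: Optional[str] = None   # value the team is scoped to, e.g. "Sales"

@dataclass
class Team:
    discovery: frozenset = frozenset()   # Discovery Policies assigned to the team
    grants: tuple = ()                   # grants from its Contribution Policies

@dataclass
class Asset:
    name: str
    asset_type: str
    props: dict                          # a missing key means Unassigned
    discovery: Optional[str] = None      # Discovery Policy on the asset, if any

def can_see(team, asset):  # restricted assets need the same Discovery Policy
    return asset.discovery is None or asset.discovery in team.discovery

def allowed(team, permission, asset, count_unassigned=True):
    """Scoped grants match their value and, as the page notes, unassigned assets."""
    for g in team.grants:
        if (g.permission, g.asset_type) == (permission, asset.asset_type):
            actual = asset.props.get(g.prop) if g.prop else g.value
            if actual == g.value or (count_unassigned and actual is None):
                return True
    return False

def can_restrict(team, asset, policy):  # only Discovery Policies the team itself holds
    return allowed(team, "Restrict Discovery", asset) and policy in team.discovery

def unassigned_exposure(team, assets, permission="Edit"):
    """Audit helper: assets the team can act on solely because the value is missing."""
    return [a.name for a in assets if allowed(team, permission, a)
            and not allowed(team, permission, a, count_unassigned=False)]

SALES = Team(frozenset({"Highly Sensitive"}), tuple(
    Grant(p, "Report", "Domain", "Sales") for p in ("Edit", "Restrict Discovery")))
ASSETS = [Asset("Q3 pipeline", "Report", {"Domain": "Sales"}),
          Asset("Payroll summary", "Report", {"Domain": "HR"}, "Highly Sensitive"),
          Asset("Untitled draft", "Report", {}),   # Domain still Unassigned
          Asset("Orders table", "Dataset", {"Domain": "Sales"})]
```

Against the sample data, `unassigned_exposure(SALES, ASSETS)` returns only the draft report, the asset that needs a Domain value before the Sales scope actually confines the team.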
Organization Policy
An Organization Policy grants access to the admin portal. Through the admin portal, users can perform a range of administration activities, which the policy can grant individually or in combination.
Manage Security
Users — create new and manage existing users. For users synchronised with an identity provider, certain fields are locked. See User management.
Teams — create new and manage existing teams, including managing team membership.
Access Policies — create new and manage existing Access Policies, including assigning them to teams.
Impersonation — impersonate any user or team to diagnose authorization issues from their perspective.
Manage Configuration
Asset types — organise the layout of properties on asset detail pages (per asset type) and mark properties as mandatory.
Properties — manage custom properties and link them to asset types.
Automation — set up automations.
Manage Integrations
Sources — create new and manage existing sources. When a connector is available for a source, the connection details can be added to enable automatic metadata crawling.
Agent — create an agent that allows dScribe to connect to on-premise sources.
API Keys — create new or manage existing API Keys for custom integrations with dScribe.
View Analytics Dashboard
View Company Usage Dashboard — access the analytics dashboard with insights into your most active users, your most popular assets, and more.
Where to go next
→ User management — set up the users and teams that policies are assigned to
→ Custom properties — configure security-enabled properties for fine-grained scoping
→ Ownership & suggestions — the editorial accountability layer that sits alongside Access Policies
