Metadata Policy Helper¶
The metadata policy helper package creates metadata policies with patterns not supported by the UI.
Additional patterns will be added to the package based on data teams need.
Configuration¶
Warning
The user that sets up the workflow in Atlan must a connection admin on the connection where the policy is added.
Looker Folder¶
Create a policy with all Looker dashboards belonging to one or more Looker folders.
- Persona name: name of the persona where the policy is created/updated.
- Policy name: name of the policy to be created/updated.
- Looker Connection: connection on which to apply the policy.
- Looker folder identifier: whether the folders are identified by
Name
orID
, default:Name
- Looker folders: list of Looker folders (
Names
orIDs
based on what toggled as Looker folders identifier) separated by @@@. E.g. Folder 1@@@Folder 2 - Policy permissions: set of permissions to be applied to the policy:
- Assets Read: view an asset's activity log, custom metadata, and SQL queries
- Assets Update: change asset metadata, including description, certification, owners, README, and resources
- Update Custom Metadata Values
- Add Tags to the assets
- Remove Tags from the assets
- Add Terms to the assets
- Remove Terms from the assets
- API Create: create new assets within the selected connection (via API)
- API Delete: delete assets within the selected connection (via API)
- Policy type:
- Allow: allow the selected permissions.
- Deny: deny the selected permissions. If selected, this will override all grants of those permissions from any other policies for the same users.
Tableau Project¶
Create a policy with all Tableau assets belonging to one or more Tableau project.
Warning
If a project is selected, all sub-projects (and their assets) will be included in the policy.
- Persona name: name of the persona where the policy is created/updated.
- Policy name: name of the policy to be created/updated.
- Tableau Connection: connection on which to apply the policy.
- Tableau projects: list of Tableau projects separated by @@@. E.g. Project 1@@@Project 2
- Policy permissions: set of permissions to be applied to the policy:
- Assets Read: view an asset's activity log, custom metadata, and SQL queries
- Assets Update: change asset metadata, including description, certification, owners, README, and resources
- Update Custom Metadata Values
- Add Tags to the assets
- Remove Tags from the assets
- Add Terms to the assets
- Remove Terms from the assets
- API Create: create new assets within the selected connection (via API)
- API Delete: delete assets within the selected connection (via API)
- Policy type:
- Allow: allow the selected permissions.
- Deny: deny the selected permissions. If selected, this will override all grants of those permissions from any other policies for the same users.
Quicksight Folder¶
Create a policy with all Quicksight dashboards, datasets and analyses belonging to one or more Quicksight folders.
- Persona name: name of the persona where the policy is created/updated.
- Policy name: name of the policy to be created/updated.
- Quicksight Connection: connection on which to apply the policy.
- Quicksight folder identifier: whether the folders are identified by
Name
orID
, default:Name
- Quicksight folders: list of Quicksight folders (
Names
orIDs
based on what toggled as Quicksight folders identifier) separated by @@@. E.g. Folder 1@@@Folder 2 - Policy permissions: set of permissions to be applied to the policy:
- Assets Read: view an asset's activity log, custom metadata, and SQL queries
- Assets Update: change asset metadata, including description, certification, owners, README, and resources
- Update Custom Metadata Values
- Add Tags to the assets
- Remove Tags from the assets
- Add Terms to the assets
- Remove Terms from the assets
- API Create: create new assets within the selected connection (via API)
- API Delete: delete assets within the selected connection (via API)
- Policy type:
- Allow: allow the selected permissions.
- Deny: deny the selected permissions. If selected, this will override all grants of those permissions from any other policies for the same users.
Connections¶
Create a set of policies that provide access to all assets belonging to all or some connections.
- Persona name: name of the persona where the policy is created/updated.
- Policy prefix: prefix to add to the policy name. The policy name is the concatenation of the prefix with the connection guid.
-
Connection selector:
To create a policy for each connection belonging to the instance.
- Remove connection list: list of the connections to remove from the list. You can leave it empty if you want to process all connections.
To create a policy for the selected connections.
- Connection list: list of the connections for which a policy will be created.
-
Policy permissions: set of permissions to be applied to the policy:
- Assets Read: view an asset's activity log, custom metadata, and SQL queries
- Assets Update: change asset metadata, including description, certification, owners, README, and resources
- Update Custom Metadata Values
- Add Tags to the assets
- Remove Tags from the assets
- Add Terms to the assets
- Remove Terms from the assets
- API Create: create new assets within the selected connection (via API)
- API Delete: delete assets within the selected connection (via API)
- Policy type:
- Allow: allow the selected permissions.
- Deny: deny the selected permissions. If selected, this will override all grants of those permissions from any other policies for the same users.
Cognos Folder¶
Create a policy with all Cognos reports, dashboards, explorations, files, modules, packages and sub folders belonging to one or more Cognos folders.
- Persona name: name of the persona where the policy is created/updated.
- Policy name: name of the policy to be created/updated.
- Cognos Connection: connection on which to apply the policy.
- Cognos folder identifier: whether the folders are identified by
Name
orID
, default:Name
- Cognos folders: list of Cognos folders (
Names
orIDs
based on what toggled as Cognos folders identifier) separated by @@@. E.g. Folder 1@@@Folder 2 - Policy permissions: set of permissions to be applied to the policy:
- Assets Read: view an asset's activity log, custom metadata, and SQL queries
- Assets Update: change asset metadata, including description, certification, owners, README, and resources
- Update Custom Metadata Values
- Add Tags to the assets
- Remove Tags from the assets
- Add Terms to the assets
- Remove Terms from the assets
- API Create: create new assets within the selected connection (via API)
- API Delete: delete assets within the selected connection (via API)
- Policy type:
- Allow: allow the selected permissions.
- Deny: deny the selected permissions. If selected, this will override all grants of those permissions from any other policies for the same users.
What it does¶
The package performs the following steps:
- Check if the policy already exists:
- If it doesn't exist: create the policy based on the input parameters of the workflow
- If it exists: update the policy based on the input parameters of the workflow