Policy Based Access Control
Policy based access control (PBAC) is a well-known security approach that grants or limits access to resources within a system based on policies. At Select Star, we are introducing this new approach to provide our users with fine-grained access control over what their users can see, manage and administer.
This layer will be built upon our existing use of , you should be familiar with that section in order to fully understand how Policy based access works.
Roles will determine what actions a user can take on a given object. Currently, Select Star has three main roles for a user: Admin, Data Manager, and Viewer.
Policies will determine what Roles apply to a given data object and user or team.
In summary, using roles and policies to control access to your metadata in Select Star will help you determine who can access each data object within Select Star (databases, schemas, models, dashboards, etc.) and what level of permission they will have when accessing those objects (Viewer, Data Manager, Admin).
You can read a complete list of all the data objects that can be selected in policies at the end of this document in the Data objects section.
Watch this video to see a breakdown of how Policy Based Access Control works
Watch this video to see examples of using Policy Based Access Control in Select Star
Once enabled, you can go to Settings > Access Control to create and edit access control rules.
Default policies will be enabled for the users based on the roles already applied to these users. There will be no change in what your users see unless you create policies to be applied to particular asset types. New users added to your organization will be assigned to the default policies based on their organization-wide role.
To create a policy, you must have admin permissions for Select Star.
Click the Add button in your admin panel, as shown in the image above (2), and enter the information as follows:
Policy Name: Choose a name for your policy
Applies to: Choose who is affected by the policy (user, team or everyone)
Permission Role: Choose the permission role that will apply for the given team and data assets. You can only select one permission role per policy. To learn what actions each role allows, read more in Roles & Permissions.
Access to: Choose the data assets that will be affected by this policy. Assets you can select include databases, schemas, dashboards, and Tableau folders.
To update a policy, you must have admin permissions for your organization.
Go to Settings > Access Control and click Edit on the policy you want to edit.
Changes will be applied immediately in our system; however, you can expect some delay for changes to take effect on the client side. To ensure the change happens as quickly as possible, make sure you log out, clear your browser's cache, and log in again.
Policies can sometimes overlap, giving users different permissions on the same object. When this happens, the user will be granted the most permissive policy available.
Access control acts at different levels. In its most basic form, PBAC determines how you view a specific asset within its corresponding page. However, Select Star shows information about different assets all across the platform.
All views in Select Star will abide by the same rules, and will only show information that is available to the logged-in user according to the policies you define.
Search will only surface results for which the user has View, Manage or Admin access. The same applies to the Database View, and the Data source dropdown.
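
The overlap and visibility rules above can be modelled in a few lines. This is an added illustration, not Select Star's code or API: the role ordering (Viewer < Data Manager < Admin), the flat object identifiers, and all policy, user and team names are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed ordering of the page's three roles, least to most permissive.
ROLE_RANK = {"Viewer": 1, "Data Manager": 2, "Admin": 3}
EVERYONE = "everyone"      # "Applies to" value covering every user
EVERYTHING = "everything"  # wildcard "Access to" value covering every object

@dataclass(frozen=True)
class Policy:
    name: str
    applies_to: frozenset  # user names, team names, or EVERYONE
    role: str              # exactly one permission role per policy
    access_to: frozenset   # object identifiers, or EVERYTHING

@dataclass(frozen=True)
class User:
    name: str
    teams: frozenset = frozenset()

def matching_policies(user, obj, policies):
    """Policies that name this user (directly, by team, or everyone) and this object."""
    principals = {user.name, EVERYONE} | user.teams
    return [p for p in policies
            if principals & p.applies_to
            and (obj in p.access_to or EVERYTHING in p.access_to)]

def effective_role(user, obj, policies):
    """Most permissive role among matching policies; None means no access."""
    roles = [p.role for p in matching_policies(user, obj, policies)]
    # Policies only grant: nothing here can lower a role another policy gives.
    return max(roles, key=ROLE_RANK.__getitem__, default=None)

def visible(user, objects, policies):
    """Objects a search would surface: those where the user holds any role."""
    return [o for o in objects if effective_role(user, o, policies) is not None]

# Constructed sample data; every name below is made up for the example.
POLICIES = [
    Policy("Default Viewer", frozenset({EVERYONE}), "Viewer", frozenset({"db.sales"})),
    Policy("Finance stewards", frozenset({"team:finance"}), "Data Manager",
           frozenset({"db.sales", "db.finance"})),
    Policy("Platform admins", frozenset({"alice"}), "Admin", frozenset({EVERYTHING})),
]
OBJECTS = ["db.sales", "db.finance", "db.hr"]
alice, carol = User("alice"), User("carol")
bob = User("bob", frozenset({"team:finance"}))
```

Listing `matching_policies` for a user and object shows which overlapping policy produced a role that is higher than expected.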
By default, you will have three different policies, one for each Role. You can edit these policies as you wish, adding or removing users, teams, and data assets.
These policies cannot be deleted.
If you already had Roles & Permissions defined for your users and teams, we will automatically map these to Policy Based Access Control Default policies.
Policies will affect one or more data objects. The data objects we support are:
Data sources: any data source that's connected to Select Star in your organization.
Data Warehouse: Databases and Schemas.
BI Tools: Folders and Dashboards.
PBAC needs to be enabled by Select Star staff for your organization, contact us at to start using this feature.
Note: policy based access control in Select Star is focused on granting permissions, not restricting them.
If you are already a customer, PBAC will need to be turned on for your account. We have you covered! Reach out to us at to activate this feature in your account.
Note: There is a wildcard option available called everything that will allow you to apply a policy to all the objects within your organization.
Coming soon. If you are interested in limiting access based on attributes, reach out to so we can take you into account as we roll this out.