Policy Based Access Control


Last updated 7 months ago

Introduction

Policy based access control (PBAC) is a well-known security approach that grants or limits access to resources within a system based on policies. At Select Star, we are introducing this approach to give our customers fine-grained control over what their users can see, manage and administer.

This layer is built on our existing use of Roles & Permissions; you should be familiar with that section in order to fully understand how policy based access works.

Roles determine what actions a user can take on a given object. Currently, Select Star has three main roles for a user: Admin, Data Manager, and Viewer.

Example: A user with the Viewer role can read descriptions, but only users with Data Manager and Admin roles can edit descriptions.

Policies will determine what Roles apply to a given data object and user or team.

Example: A policy named Marketing View Policy with an Admin Role is assigned to the database PROD_MARKETING and to the Marketing team. Users that belong to the Marketing team will be able to view, edit and manage all items in PROD_MARKETING.

In summary, using roles and policies to control access to your metadata in Select Star helps you determine who can access each data object within Select Star (databases, schemas, models, dashboards, etc.) and what level of permission they will have when accessing those objects: Viewer, Data Manager, or Admin.

You can read a complete list of all the data objects that can be selected in policies at the end of this document in the Data objects section.

Video Tutorials

Tutorial 1

Watch this video to see a breakdown of how Policy Based Access Control works

Tutorial 2

Watch this video to see examples of using Policy Based Access Control in Select Star

Getting Started

Once enabled, you can go to Settings > Access Control to create and edit access control rules.

Default policies will be enabled for the users based on the roles already applied to these users. There will be no change in what your users see unless you create policies to be applied to particular asset types. New users added to your organization will be assigned to the default policies based on their organization-wide role.

Create a Policy

To create a policy, you must have admin permissions for Select Star.

Click the Add button in your admin panel, as shown in the image above (2), and enter the information as follows:

Policy Name: Choose a name for your policy

Applies to: Choose who is affected by the policy (user, team or everyone)

Permission Role: Choose the permission role that will apply to the given team and data assets. You can only select one permission role per policy. To learn what actions each role allows, read more in Roles & Permissions.

Access to: Choose the data assets that will be affected by this policy. Assets you can select include databases, schemas, dashboards, and Tableau folders.

Update a Policy

To update a policy, you must have admin permissions for your organization.

Go to Settings > Access Control and click Edit on the policy you want to edit.

Changes are applied immediately in our system; however, you can expect some delay before they take effect on the client side. To ensure the change happens as quickly as possible, log out, clear your browser's cache, and log in again.

Priorities and overlapping

Policies can sometimes overlap, giving a user different permissions on the same object. When this happens, the user will be granted the most permissive policy available.

Example: John Doe is part of the Marketing team, and has Viewer Access on the PROD_MARKETING database. Within that database, there is a schema called COLD_LEADS.

John Doe also has a policy Lead Manager Policy, that allows him to make edits to the schema COLD_LEADS.

Both policies, Marketing View Policy and Lead Manager Policy, apply to John Doe and to COLD_LEADS, but the most permissive takes precedence, so the user will be able to edit and delete objects in COLD_LEADS.
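
The resolution rule above, modelled as an added example (this is not Select Star's code): every policy that matches the user or their teams and covers the object or a parent of it is collected, and the highest role wins, so a narrower Viewer policy never reduces a broader grant. The role ordering, dotted object paths, the Data Manager role given to Lead Manager Policy and the two Finance policies are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ordering, least to most permissive (the page lists the roles in this order).
ROLE_RANK = {"Viewer": 1, "Data Manager": 2, "Admin": 3}

@dataclass(frozen=True)
class Policy:
    name: str
    applies_to: frozenset   # user names, team names, or "everyone"
    role: str               # exactly one role per policy
    access_to: frozenset    # object paths such as "PROD_MARKETING", or "everything"

def covers(scope: str, obj: str) -> bool:
    """A policy on a parent object also covers the objects inside it."""
    return scope == "everything" or obj == scope or obj.startswith(scope + ".")

def effective_role(user, teams, obj, policies):
    """Return (role, names of the policies granting it), or (None, []) if none match."""
    principals = {user, "everyone", *teams}
    matching = [p for p in policies
                if principals & p.applies_to
                and any(covers(s, obj) for s in p.access_to)]
    if not matching:
        return None, []          # no matching policy, so no role is granted
    best = max(ROLE_RANK[p.role] for p in matching)
    winners = sorted(p.name for p in matching if ROLE_RANK[p.role] == best)
    role = next(r for r, k in ROLE_RANK.items() if k == best)
    return role, winners

# Constructed sample policies; the first two mirror the John Doe example.
POLICIES = [
    Policy("Marketing View Policy", frozenset({"Marketing"}), "Viewer",
           frozenset({"PROD_MARKETING"})),
    Policy("Lead Manager Policy", frozenset({"John Doe"}), "Data Manager",
           frozenset({"PROD_MARKETING.COLD_LEADS"})),
    # Hypothetical attempt to lock one schema down with a narrower Viewer policy.
    Policy("Finance Admin Policy", frozenset({"Finance"}), "Admin", frozenset({"PROD_FINANCE"})),
    Policy("Payroll Read Only", frozenset({"Finance"}), "Viewer",
           frozenset({"PROD_FINANCE.PAYROLL"})),
]

if __name__ == "__main__":
    for user, teams, obj in [("John Doe", ["Marketing"], "PROD_MARKETING.COLD_LEADS"),
                             ("John Doe", ["Marketing"], "PROD_MARKETING.WARM_LEADS"),
                             ("Ana", ["Finance"], "PROD_FINANCE.PAYROLL"),
                             ("John Doe", ["Marketing"], "PROD_FINANCE.PAYROLL")]:
        print(user, obj, effective_role(user, teams, obj, POLICIES))
```

When reviewing policies, the third case is the one to check for: the Finance team member still resolves to Admin on PAYROLL, because the read-only policy adds a grant rather than removing one.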

Other views and context menus

Access control acts at different levels. In its most basic form, PBAC determines how you view a specific asset within its corresponding page. However, Select Star shows information about different assets all across the platform.

All views in Select Star will abide by the same rules, and will only show information that is available to the logged in user according to the policies you define.

Search will only surface results for which the user has View, Manage or Admin access. The same applies to the Database View, and the Data source dropdown.

Default Policies

By default, you will have three different policies, one for each Role. You can edit these policies as you wish, adding or removing users, teams, and data assets.

These policies cannot be deleted.

Migrating to Policy Based Access Control

If you already had Roles & Permissions defined for your users and teams, we will automatically map these to Policy Based Access Control Default policies.

Data objects

Policies will affect one or more data objects. The data objects we support are:

  • Data sources: any data source that's connected to Select Star in your organization.

  • Data Warehouse: Databases and Schemas.

  • BI Tools: Folders and Dashboards.

Tags

PBAC needs to be enabled by Select Star staff for your organization. Contact us at support@getselectstar.com to start using this feature.

Note: policy based access control in Select Star is focused on granting permissions, not restricting them.

If you are already a customer, PBAC will need to be turned on for your account. We have you covered! Reach out to us at support@getselectstar.com to activate this feature in your account.

Note: There is a wildcard option available called everything that will allow you to apply a policy to all the objects within your organization.

Coming soon. If you are interested in limiting access based on attributes, reach out to support@getselectstar.com so we can take you into account as we roll this out.
