Policy setting question

[weirongju]

I would like to ask about permission settings in OpenMetadata.

If I have data that is tagged with a sensitivity tag, how can I configure it so that only a specific group can see the data while other groups cannot? If I set it to "deny for all" initially, then no one will be able to see it.

How should I set this up?

[Prajwal214]

@weirongju If the Column/Table data is marked as (PII) Sensitive Data, the sample data will only be visible to Admins or Table owners.

In case you want to restrict users to access the asset you can add a policy to restrict users based on tags.

Example -

https://docs.open-metadata.org/latest/how-to-guides/admin-guide/roles-policies/use-cases#use-case-4-deny-all-the-access-if-the-data-asset-is-tagged-with-pii.sensitive-and-allow-only-the-owners

[weirongju]

Thank you for your response.

If I have group A, group B, and group C, and I want to set the table to be accessible only to group A, I currently set the policy by specifying the deny with tag for group B and group C. However, if I add more groups in the future, I will need to add each new group to this deny policy. Is there a better way to handle this?