Security
Also available as:
PDF
loading table of contents...
Adding a Tag-based PII Policy

In this example we create a tag-based policy for objects tagged "PII" in Atlas. Access to objects tagged "PII" is allowed for members of the "audit" group. All other users (the "public" group) are denied access.

To add a PII tag-based policy:

  1. Select Access Manager > Tag Based Policies, then select a tag-based service.

  2. On the List of Policies page, click Add New Policy.

    The Create Policy page appears:

  3. Enter the following information on the Create Policy page:

    Table 3.70. Policy Details

    FieldDescription
    Policy TypeSet to Access by default.
    Policy NamePII
    TAGPII
    Audit LoggingYES
    DescriptionRestrict access to resources with the PII tag.

    Table 3.71. Allow Conditions

    Label

    Description

    Select Group

    audit

    Select User<none>
    Policy Conditions<none>
    Component Permissions

    hive

    (select all permissions)


    Table 3.72. Deny Conditions

    Label

    Description

    Select Group

    public

    Select User<none>
    Policy Conditions<none>
    Component Permissions

    hive

    (select all permissions)


    If Deny Conditions does not appear on your Policy Details page, you must first Enable Deny Conditions for Policies.

    Table 3.73. Exclude from Allow Conditions

    Label

    Description

    Select Group

    audit

    Select User<none>
    Policy Conditions<none>
    Component Permissions

    hive

    (select all permissions)


    In this example we used Allow Conditions to grant access to the "audit" group, and then used Deny Conditions to deny access to the "public" group. Because the "public" group includes all users, we then used Exclude from Deny Conditions to exclude the "audit" group, in effect reinstating the "audit" group's original Allow access condition.

  4. Click Add to add the new policy.