Adding a tag-based PII policy
Example of how to add a PII tag-based policy. In this example we create a tag-based policy for objects tagged "PII" in Atlas. Access to objects tagged "PII" is allowed for members of the "audit" group. All other users (the "public" group) are denied access.
- Select Access Manager > Tag Based Policies, then select a tag-based service.
-
On the List of Policies page, click Add New Policy.
The Create Policy page appears:
- Enter the following information on the Create Policy page:
Table 1. Policy Details Field Description Policy Type Set to Access by default. Policy Name PII TAG PII Audit Logging YES Description Restrict access to resources with the PII tag. Table 2. Allow Conditions Label
Description
Select Group audit
Select User <none> Policy Conditions <none> Component Permissions hive
(select all permissions)
Table 3. Deny Conditions Label
Description
Select Group public
Select User <none> Policy Conditions <none> Component Permissions hive
(select all permissions)
Table 4. Exclude from Deny Conditions Label
Description
Select Group audit
Select User <none> Policy Conditions <none> Component Permissions hive
(select all permissions)
In this example we used Allow Conditions to grant access to the "audit" group, and then used Deny Conditions to deny access to the "public" group. Because the "public" group includes all users, we then used Exclude from Deny Conditions to exclude the "audit" group, in effect reinstating the "audit" group's original Allow access condition.
- Click Add to add the new policy.