Source-based Policies

Here's an explanation for each Source-base policy.

A Source-based Policy includes all resource-based type permissions, which user will need to assign to a selected data source that has been connected to decube. Before you can select permissions, you will need to first select a data source that has been already added to decube.

Asset Selection for Access Controls

Administrators can opt to either grant permissions to resources by the entire source, entire schemas or to assets directly. This also allows administrators to grant different types of permissions to users in each Catalog asset.

Select assets to grant permissions

In the source-based policies form, select the data source which you want to add permissions for. From here, you can choose to:

  • Grant access to everything: This grants access to the same permissions to all assets within the data source, including future assets that are added to the source.

  • Grant access to specific schemas: This grants access to all tables within a schema, including future tables that are added to the selected schema.

  • Grant access to specific assets: This grants access to specific assets only in a source that the administrator has to select.

To grant specific assets inside the source, users can use the search bar to search for the assets and add them into the list. For Data warehouse or RDBMS connections, users can further narrow down the selection by filtering the asset search by schemas.

Once asset selection has been completed, the user can then continue proceed to the permissions screen.

Select Permissions for Granting Assets

Administrators can then select from a list of permissions that will apply to the selected assets in the form. The list of permissions that can be granted to the user with the permitted actions are listed in the section Permissions for Source-based policies.

Permissions for Source-based policies

Catalog and Governance

Asset Details

  • Read-only: User able to see Assets in the Catalog but unable to make changes.

  • Edit: User able to create and submit change requests for asset such as description, tags and classifications.

Run the profiler for Profile & Field Statistics

  • Allow run profiler: User able to run profiler to generate Table Overview and Field Statistics results.


Change requests

  • Approve or reject change requests: User can review change requests and be selected as an approver for change requests.

Data Quality


  • Read-only: User is able to see incidents, but unable to edit selection in Incident Details such as status.

  • Edit: User is able to update selection in Incident Details such as close or mute incidents.


  • Read-only: User able to view the list of monitoring settings in the Config, but unable to create new or modify existing monitors

  • Add, modify and delete monitors: User able to create and edit monitoring settings for all types of monitors.

Data Recon

By Default, access to Data Recon is disabled for a user unless they possess a policy of Enable Data Recon. Enabling Data Recon for a source enables users to see the list of completed recons that has been completed with that data source.

Data Recon Configuration

  • Create: User can add a new recon configuration.

  • Edit: User can edit schedule for recon configuration.

  • Delete: User can delete any existing recon.

Export Data Recon Details

  • Allow export: Allow user to export unmatched rows from Recon details.


  • Allow export reports: allowing users to access the reports module and generate reports.

Last updated