Understanding Policy effects¶
Once the policies are in force, access restrictions are applied to the resources (Assets, Files, Events, Timeseries data) through various services and applications.
Prerequisites¶
- SDS should be provisioned for the environment.
- Toggle switch for "Resource Access Management" in the "Settings" application should be turned ON.
Policy effects¶
By activating the policies, application and service users (apart from Tenant Administrators, Data Lake Managers and Techusers - without Interactive User Impersonation) will be allowed controlled access as defined in the Policy, while accessing the resources as mentioned above. The nature of access restrictions depends on which fine-grained actions are specified in policy definitions.
The list of APIs from various services that support fine-grained access management are listed in Services & Required Actions.
Note
After creating/updating an "active" policy, it takes up to 5 minutes to reflect this change for the access checks in Insights Hub platform services. Similarly, any changes in Usergroup operations (like move, rename, add/remove users, etc.) also takes up to 5 minutes to take effect.
Note
When creating/updating a policy, the validations applied to policy fields will vary based on the policy's active or inactive status. If a policy is marked as active, comprehensive validations will be performed, whereas if a policy is marked as inactive, most validations will be skipped/bypassed.
*[SDS]: Secure Data Sharing