Access Control Concepts
Data access control in Graph Studio is an aggregation of three concepts:
Default Access Policies
These are the base permissions that are applied to artifacts by default when they are created. Artifacts are all of the objects that are created in Graph Studio during the initial system configuration and the data onboarding process. For example, when a user connects to a database or file source, those connections are stored as artifacts, and when the data from a data source is ingested, the resulting schema, model, graphmart, and any generated datasets are also artifacts. For most types of artifacts, the access control that is supplied by a Default Access Policy is augmented by the other two access control mechanisms, permission inheritance and sharing.
Permission Inheritance
To facilitate common workflows, Graph Studio applies logic so that artifacts in the same workflow inherit the same permissions. For example, when a user creates a data source and adds a schema, the schema inherits its permissions from the data source. This permission inheritance is applied in addition to the applicable Default Access Policy.
Artifact Sharing
When you onboard data to Graph Studio, you become the creator of several types of Artifacts. Artifacts that you create can be shared with other groups (or users) from the Sharing tab (for that artifact) in the Graph Studio application. When an artifact is shared, those user-configured permissions are applied in addition to any permissions that were inherited.
For more detailed information about the access control concepts as well as user management, see User Management and Access Control Concepts.