# Data Domains

### Overview

Domain Management is a preview feature in TrustLogix that enables organizations to manage access control at a business-oriented level. By defining Domains, associating Data Products, and assigning Policy Administrators, enterprises can create a scalable, structured model for governing access across data assets.

### Key Concepts

* Domain: A logical grouping of data products and their underlying assets (e.g., databases, schemas, tables).
* Data Product: A set of related data assets that serve a business purpose.
* Policy Administrator: A user assigned to manage access policies for a specific domain.
* Access Policies: Policies like RBAC, ABAC (Row Access, Masking), and template-based policies scoped to domain assets.

***

### Feature Capabilities

#### 1. Domain & Product Definition

* Domains can only be created by Super Users or Data Source Administrators.
* Within a domain, you can define one or more Data Products, each of which can contain multiple data assets.
* Each data product must be mapped to a data source (e.g., Snowflake).\\

#### 2. Domain Asset Mapping

Data assets mapped to a domain  can include:

* Database
* Schema
* Table/View
* These mappings define the scope of enforcement for all access policies under that domain.

#### 3. Data Product Asset Mapping

Data assets mapped to a domain  can include:

* Table/View

#### 4. Domain-Scoped Access Policy Management

* Once domains and products are defined, Policy Administrators can be assigned to specific domains.\
  Assigned Policy Administrators can:
  * Create RBAC and ABAC policies on data assets belonging to their domain.
  * Apply template-based policies, but only those templates defined at the domain level.
  * View and manage data products, but not the domain itself (only Super Users or Admins can manage domains).

#### 5. Policy Enforcement Scope

* RBAC Policies: Roles can be assigned access to domain-scoped data assets.
  * Template Policies: Domain-level templates only; system-level templates are not accessible to Policy Administrators.
* ABAC Policies:
  * Row Access Policies based on user entitlements or data attributes.
  * Masking Policies for sensitive data, enforceable per product and user role.<br>

***

### Step-by-Step Guide

#### A. Creating a Domain

1. Go to the TrustLogix Dashboard.
2. Navigate to the Domain Management section and click "Add Domain".
3. Enter the domain name (e.g., FinanceDetails) and a description.
4. Click Save.

#### B. Adding a Data Product to the Domain

1. Click on the domain (e.g., FinanceDetails) → Data Products → Add Product.
2. Provide product name (e.g., DetailsOne) and datasource (e.g., Snowflake).
3. Select a linked data source (e.g., Snowflake Manual Testing Account).
4. Save the data product.

**C. Linking Data Assets to the Product**

1. Go to the relevant data product (e.g., DetailsOne) → Data Assets → Add Data Asset.
2. Select asset type (Database, Schema, or Table) and link it to the Snowflake source.
3. Save the configuration.

D. **Assigning a Policy Administrator**

1. In the User Management section, click "New User".
2. Enter user details (name, email, description).
3. Assign the user role: Policy Administrator.
4. Under Domain Access, select the relevant domain(s) (e.g., FinanceDetails).
5. Save the user profile.<br>

***

### Best Practices

* Use business-friendly domain names that align with organizational units or data ownership (e.g., "Finance", "Marketing", "HR").
* Limit policy scope by assigning administrators to only the domains they govern.<br>

Keep template libraries curated at the domain level to ensure consistent policy application.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.trustlogix.io/data-domains.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.