Data Domains

Overview

Domain Management is a preview feature in TrustLogix that enables organizations to manage access control at a business-oriented level. By defining Domains, associating Data Products, and assigning Policy Administrators, enterprises can create a scalable, structured model for governing access across data assets.

Key Concepts

  • Domain: A logical grouping of data products and their underlying assets (e.g., databases, schemas, tables).

  • Data Product: A set of related data assets that serve a business purpose.

  • Policy Administrator: A user assigned to manage access policies for a specific domain.

  • Access Policies: Policies like RBAC, ABAC (Row Access, Masking), and template-based policies scoped to domain assets.


Feature Capabilities

1. Domain & Product Definition

  • Domains can only be created by Super Users or Data Source Administrators.

  • Within a domain, you can define one or more Data Products, each of which can contain multiple data assets.

  • Each data product must be mapped to a data source (e.g., Snowflake).

2. Domain Asset Mapping

Data assets mapped to a domain can include:

  • Database

  • Schema

  • Table/View

These mappings define the scope of enforcement for all access policies under that domain.

3. Data Product Asset Mapping

Data assets mapped to a data product can include:

  • Table/View

4. Domain-Scoped Access Policy Management

  • Once domains and products are defined, Policy Administrators can be assigned to specific domains. Assigned Policy Administrators can:

    • Create RBAC and ABAC policies on data assets belonging to their domain.

    • Apply template-based policies, but only those templates defined at the domain level.

    • View and manage data products, but not the domain itself (only Super Users or Admins can manage domains).

5. Policy Enforcement Scope

  • RBAC Policies: Roles can be assigned access to domain-scoped data assets.

  • Template Policies: Domain-level templates only; system-level templates are not accessible to Policy Administrators.

  • ABAC Policies:

    • Row Access Policies based on user entitlements or data attributes.

    • Masking Policies for sensitive data, enforceable per product and user role.
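
The scoping rules in sections 4 and 5 can be read as an authorization check. The Python model below is an added illustration, not TrustLogix code or its API: the class and function names, the template name, the sample assets, and the assumption that a mapped database or schema covers the objects beneath it are all hypothetical.

```python
from dataclasses import dataclass, field

DOMAIN_MANAGERS = {"Super User", "Data Source Administrator"}

@dataclass
class Domain:
    name: str
    assets: set                                   # mapped DB, DB.SCHEMA or DB.SCHEMA.TABLE names
    templates: set = field(default_factory=set)   # domain-level policy templates

@dataclass
class User:
    name: str
    role: str
    domains: set = field(default_factory=set)     # "Domain Access" selections

def covers(mapped: str, target: str) -> bool:
    """A mapped asset covers itself and everything beneath it (assumption).
    Compared per identifier part, so FIN does not cover FINANCE_ARCHIVE.
    Assumes unquoted, case-insensitive identifiers."""
    m, t = mapped.upper().split("."), target.upper().split(".")
    return t[:len(m)] == m

def authorize(user: User, domain: Domain, action: str, asset=None, template=None):
    """Return (allowed, reason) for one request."""
    if action == "manage_domain":
        ok = user.role in DOMAIN_MANAGERS
        return ok, "ok" if ok else "role cannot manage domains"
    if action != "create_policy" or user.role != "Policy Administrator":
        return False, "request not covered by this model"
    if domain.name not in user.domains:
        return False, "user is not assigned to this domain"
    if asset is None or not any(covers(a, asset) for a in domain.assets):
        return False, "asset is outside the domain's mapped assets"
    if template is not None and template not in domain.templates:
        return False, "template is not defined at the domain level"
    return True, "ok"

# Constructed sample data reusing the page's example domain name.
finance = Domain("FinanceDetails", {"FIN", "SHARED.REPORTING"}, {"fin-mask-account-no"})
alice = User("alice", "Policy Administrator", {"FinanceDetails"})
bob = User("bob", "Policy Administrator", {"Marketing"})
```

Comparing names part by part rather than as string prefixes is what keeps a domain mapped to FIN from silently extending to a database such as FINANCE_ARCHIVE.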


Step-by-Step Guide

A. Creating a Domain

  1. Go to the TrustLogix Dashboard.

  2. Navigate to the Domain Management section and click "Add Domain".

  3. Enter the domain name (e.g., FinanceDetails) and a description.

  4. Click Save.

B. Adding a Data Product to the Domain

  1. Click on the domain (e.g., FinanceDetails) → Data Products → Add Product.

  2. Provide the product name (e.g., DetailsOne) and data source (e.g., Snowflake).

  3. Select a linked data source (e.g., Snowflake Manual Testing Account).

  4. Save the data product.

C. Linking Data Assets to the Product

  1. Go to the relevant data product (e.g., DetailsOne) → Data Assets → Add Data Asset.

  2. Select asset type (Database, Schema, or Table) and link it to the Snowflake source.

  3. Save the configuration.

D. Assigning a Policy Administrator

  1. In the User Management section, click "New User".

  2. Enter user details (name, email, description).

  3. Assign the user role: Policy Administrator.

  4. Under Domain Access, select the relevant domain(s) (e.g., FinanceDetails).

  5. Save the user profile.


Best Practices

  • Use business-friendly domain names that align with organizational units or data ownership (e.g., "Finance", "Marketing", "HR").

  • Limit policy scope by assigning administrators to only the domains they govern.

  • Keep template libraries curated at the domain level to ensure consistent policy application.
