# Data Domains
### Overview
Domain Management is a preview feature in TrustLogix that enables organizations to manage access control at a business-oriented level. By defining Domains, associating Data Products, and assigning Policy Administrators, enterprises can create a scalable, structured model for governing access across data assets.
### Key Concepts
* Domain: A logical grouping of data products and their underlying assets (e.g., databases, schemas, tables).
* Data Product: A set of related data assets that serve a business purpose.
* Policy Administrator: A user assigned to manage access policies for a specific domain.
* Access Policies: Policies like RBAC, ABAC (Row Access, Masking), and template-based policies scoped to domain assets.
***
### Feature Capabilities
#### 1. Domain & Product Definition
* Domains can only be created by Super Users or Data Source Administrators.
* Within a domain, you can define one or more Data Products, each of which can contain multiple data assets.
* Each data product must be mapped to a data source (e.g., Snowflake).\\
#### 2. Domain Asset Mapping
Data assets mapped to a domain can include:
* Database
* Schema
* Table/View
* These mappings define the scope of enforcement for all access policies under that domain.
#### 3. Data Product Asset Mapping
Data assets mapped to a domain can include:
* Table/View
#### 4. Domain-Scoped Access Policy Management
* Once domains and products are defined, Policy Administrators can be assigned to specific domains.\
Assigned Policy Administrators can:
* Create RBAC and ABAC policies on data assets belonging to their domain.
* Apply template-based policies, but only those templates defined at the domain level.
* View and manage data products, but not the domain itself (only Super Users or Admins can manage domains).
#### 5. Policy Enforcement Scope
* RBAC Policies: Roles can be assigned access to domain-scoped data assets.
* Template Policies: Domain-level templates only; system-level templates are not accessible to Policy Administrators.
* ABAC Policies:
* Row Access Policies based on user entitlements or data attributes.
* Masking Policies for sensitive data, enforceable per product and user role.
***
### Step-by-Step Guide
#### A. Creating a Domain
1. Go to the TrustLogix Dashboard.
2. Navigate to the Domain Management section and click "Add Domain".
3. Enter the domain name (e.g., FinanceDetails) and a description.
4. Click Save.
#### B. Adding a Data Product to the Domain
1. Click on the domain (e.g., FinanceDetails) → Data Products → Add Product.
2. Provide product name (e.g., DetailsOne) and datasource (e.g., Snowflake).
3. Select a linked data source (e.g., Snowflake Manual Testing Account).
4. Save the data product.
**C. Linking Data Assets to the Product**
1. Go to the relevant data product (e.g., DetailsOne) → Data Assets → Add Data Asset.
2. Select asset type (Database, Schema, or Table) and link it to the Snowflake source.
3. Save the configuration.
D. **Assigning a Policy Administrator**
1. In the User Management section, click "New User".
2. Enter user details (name, email, description).
3. Assign the user role: Policy Administrator.
4. Under Domain Access, select the relevant domain(s) (e.g., FinanceDetails).
5. Save the user profile.
***
### Best Practices
* Use business-friendly domain names that align with organizational units or data ownership (e.g., "Finance", "Marketing", "HR").
* Limit policy scope by assigning administrators to only the domains they govern.
Keep template libraries curated at the domain level to ensure consistent policy application.