# Template Policies

### Overview

**TrustLogix** introduces the concept of **Privilege Templates**, which serve as blueprints for defining access controls across a set of data source objects (e.g., tables, views, columns) and associated **privileges** (e.g., SELECT, USAGE, MODIFY)..

**TrustLogix** categorizes privilege templates into below two types—**Database Level Templates**, **System Templates** and **Domain Templates**—to support both centralized and federated access control models. Each serves a distinct administrative purpose and governs a specific scope of data source objects.

#### **1. System Templates**

System Templates are designed for **platform administrators** (e.g., Snowflake Admins, Databricks Admins) who manage **infrastructure-level access controls** across the entire data environment.

System Templates typically govern **global or system-level objects**, such as:

* Data source **accounts** or tenants
* **Applications** and integration services
* **Warehouses** or compute engines
* **Object-level roles** with admin-level privileges **etc.**

Generally, Domain templates are designed for below personas in the organization:

* **Super Users**
* **Platform Governance Administrators \[Data Soure Administrators]**

#### **2. Domain Templates**

Domain Templates are designed for **Domain Policy Administrators** who manage access to data assets **within a specific domain,** such as Finance, HR, Sales, or Risk.

These templates focus on **data-level access controls**, typically involving:

* **Databases**
* **Schemas**
* **Tables & Views**
* **Columns (for column-level security) etc.**

Generally, Domain templates are designed for below personas in the organization:

* **Domain Policy Administrators**
* **Data Stewards**

### Super User Feature Capabilities

1. Super Users can create and manage both:

* **System-Level Templates**: Designed to control access to global/system objects such as accounts, applications, compute warehouses, and integration services.
* **Domain-Level Templates**: Targeted at domain-specific objects like databases, schemas, tables, views, and columns.

#### **Access-Based Visibility Control**

Templates created by Super Users are **automatically scoped and visible to personas** based on their access role and responsibility:

| Persona                         | Access Scope                | Template Visibility                     |
| ------------------------------- | --------------------------- | --------------------------------------- |
| **Domain Policy Administrator** | Domain-specific data assets | Can view and apply **Domain Templates** |
| **Database Administrator**      | System-level configurations | Can view and apply **System Templates** |

### Domain Policy Administrator Feature Capabilities&#x20;

1. The Domain Policy Administrator can:

   * **View assigned template policies** created by Super Admins or Governance Teams.
   * **Apply templates to domain-specific assets**, such as schemas, tables, or views , by creating the RBAC-> Privilege template policy.

   🔹 Example: A "Finance Analyst Access Template" might grant SELECT on financial reports and views for the `ANALYST` role.

### Step-by-Step Guide

**A. Super User creating custom domain templates**

1. Go to the TrustLogix Dashboard.
2. In the Configurations section,   Click **Privilege Template Management**
3. Click **Add Privilege Template**
4. Provide  Template Name, Description
5. Select which data source it will apply to \[Snowflake, Databricks]
6. Select **Classified As** under Objects
7. Select Is Domain Template flag if template is created for domain policy administrators.
8. Select Object Type & Privileges
9. Click Save.

**B. Super User assigning a Domain to Policy Administrator**

1. Go to the TrustLogix Dashboard.
2. In the User Management section, click "New User".
3. Enter user details (name, email, description).
4. Assign the user role: Policy Administrator.
5. Under Domain Access, select the relevant domain(s) (e.g., FinanceDetails).
6. Save the user profile.

**C. Domain Policy Administrator creating template policies**

1. Go to the TrustLogix Dashboard.
2. In the Data sources section, Access Policy ->  Click Create Policy
3. Select **Object Access** Option
4. Provide Policy Name, Description
5. Select **Policy Type as Privilege Template**&#x20;
6. Select the domain privilege template - created by Super User.
7. Select the domain assets - database, & schema,
8. Click on Next
9. Select the Principal  \[Snowflake role, Snowflake DB Role]
10. Click Save & Deploy policy.