Template Policies

Overview

TrustLogix introduces the concept of Privilege Templates, which serve as blueprints for defining access controls across a set of data source objects (e.g., tables, views, columns) and associated privileges (e.g., SELECT, USAGE, MODIFY).

TrustLogix categorizes privilege templates into the following two types (Database Level Templates, System Templates and Domain Templates) to support both centralized and federated access control models. Each serves a distinct administrative purpose and governs a specific scope of data source objects.

1. System Templates

System Templates are designed for platform administrators (e.g., Snowflake Admins, Databricks Admins) who manage infrastructure-level access controls across the entire data environment.

System Templates typically govern global or system-level objects, such as:

  • Data source accounts or tenants

  • Applications and integration services

  • Warehouses or compute engines

  • Object-level roles with admin-level privileges etc.

Generally, System Templates are designed for the following personas in the organization:

  • Super Users

  • Platform Governance Administrators [Data Source Administrators]

2. Domain Templates

Domain Templates are designed for Domain Policy Administrators who manage access to data assets within a specific domain, such as Finance, HR, Sales, or Risk.

These templates focus on data-level access controls, typically involving:

  • Databases

  • Schemas

  • Tables & Views

  • Columns (for column-level security) etc.

Generally, Domain Templates are designed for the following personas in the organization:

  • Domain Policy Administrators

  • Data Stewards

Super User Feature Capabilities

  1. Super Users can create and manage both:

  • System-Level Templates: Designed to control access to global/system objects such as accounts, applications, compute warehouses, and integration services.

  • Domain-Level Templates: Targeted at domain-specific objects like databases, schemas, tables, views, and columns.

Access-Based Visibility Control

Templates created by Super Users are automatically scoped and visible to personas based on their access role and responsibility:

| Persona | Access Scope | Template Visibility |
| --- | --- | --- |
| Domain Policy Administrator | Domain-specific data assets | Can view and apply Domain Templates |
| Database Administrator | System-level configurations | Can view and apply System Templates |

Domain Policy Administrator Feature Capabilities

  1. The Domain Policy Administrator can:

    • View assigned template policies created by Super Admins or Governance Teams.

    • Apply templates to domain-specific assets, such as schemas, tables, or views, by creating the RBAC -> Privilege Template policy.

    🔹 Example: A "Finance Analyst Access Template" might grant SELECT on financial reports and views for the ANALYST role.

Step-by-Step Guide

A. Super User creating custom domain templates

  1. Go to the TrustLogix Dashboard.

  2. In the Configurations section, click Privilege Template Management.

  3. Click Add Privilege Template

  4. Provide Template Name, Description

  5. Select which data source it will apply to [Snowflake, Databricks]

  6. Select Classified As under Objects

  7. Select the Is Domain Template flag if the template is created for domain policy administrators.

  8. Select Object Type & Privileges

  9. Click Save.

B. Super User assigning a Domain to Policy Administrator

  1. Go to the TrustLogix Dashboard.

  2. In the User Management section, click "New User".

  3. Enter user details (name, email, description).

  4. Assign the user role: Policy Administrator.

  5. Under Domain Access, select the relevant domain(s) (e.g., FinanceDetails).

  6. Save the user profile.

C. Domain Policy Administrator creating template policies

  1. Go to the TrustLogix Dashboard.

  2. In the Data sources section, go to Access Policy -> click Create Policy.

  3. Select Object Access Option

  4. Provide Policy Name, Description

  5. Select Policy Type as Privilege Template

  6. Select the domain privilege template created by the Super User.

  7. Select the domain assets (database and schema).

  8. Click on Next

  9. Select the Principal [Snowflake role, Snowflake DB Role]

  10. Click Save & Deploy policy.
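
The following Python sketch is an added example, not TrustLogix code or its API. It models how a domain privilege template (procedure A), the domain assigned to a Policy Administrator (procedure B), and the assets and principal chosen in a policy (procedure C) combine into Snowflake-style GRANT statements, and how out-of-scope requests are rejected. All class, function and asset names (such as FIN_DB) are hypothetical; the domain and role names are taken from the examples on this page.

```python
from dataclasses import dataclass

# Domain-level object types named on the page (columns left out of this sketch).
DOMAIN_TYPES = {"DATABASE", "SCHEMA", "TABLE", "VIEW"}

@dataclass(frozen=True)
class PrivilegeTemplate:  # hypothetical model, not a TrustLogix type
    name: str
    is_domain_template: bool
    privileges: dict  # object type -> list of privileges

@dataclass(frozen=True)
class Asset:  # hypothetical model of a selected data asset
    domain: str
    object_type: str
    fqn: str  # fully qualified object name

def validate(template):
    """Reject a domain template that carries system-level object types."""
    extra = set(template.privileges) - DOMAIN_TYPES
    if template.is_domain_template and extra:
        raise ValueError(f"{template.name}: non-domain object types {sorted(extra)}")

def expand(template, assets, role, admin_domains):
    """Turn template x assets x principal into GRANT statements for one admin."""
    validate(template)
    if not template.is_domain_template:
        raise PermissionError("policy administrators may apply domain templates only")
    grants = []
    for a in assets:
        if a.domain not in admin_domains:
            raise PermissionError(f"{a.fqn} is outside the administrator's domains")
        for priv in template.privileges.get(a.object_type, []):
            grants.append(f"GRANT {priv} ON {a.object_type} {a.fqn} TO ROLE {role};")
    return grants

FINANCE_ANALYST = PrivilegeTemplate(
    "Finance Analyst Access Template", True,
    {"DATABASE": ["USAGE"], "SCHEMA": ["USAGE"], "TABLE": ["SELECT"], "VIEW": ["SELECT"]},
)
ASSETS = [  # constructed sample assets in the FinanceDetails domain
    Asset("FinanceDetails", "DATABASE", "FIN_DB"),
    Asset("FinanceDetails", "SCHEMA", "FIN_DB.REPORTS"),
    Asset("FinanceDetails", "VIEW", "FIN_DB.REPORTS.Q_REVENUE"),
]

if __name__ == "__main__":
    for stmt in expand(FINANCE_ANALYST, ASSETS, "ANALYST", {"FinanceDetails"}):
        print(stmt)
```

Comparing the expanded list against the output of SHOW GRANTS TO ROLE for the principal is one way to confirm that a deployed policy granted no more than the template describes.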
