> For the complete documentation index, see [llms.txt](https://docs.trustlogix.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.trustlogix.io/data-domains/template-policies.md). # Template Policies ### Overview **TrustLogix** introduces the concept of **Privilege Templates**, which serve as blueprints for defining access controls across a set of data source objects (e.g., tables, views, columns) and associated **privileges** (e.g., SELECT, USAGE, MODIFY).. **TrustLogix** categorizes privilege templates into below two types—**Database Level Templates**, **System Templates** and **Domain Templates**—to support both centralized and federated access control models. Each serves a distinct administrative purpose and governs a specific scope of data source objects. #### **1. System Templates** System Templates are designed for **platform administrators** (e.g., Snowflake Admins, Databricks Admins) who manage **infrastructure-level access controls** across the entire data environment. System Templates typically govern **global or system-level objects**, such as: * Data source **accounts** or tenants * **Applications** and integration services * **Warehouses** or compute engines * **Object-level roles** with admin-level privileges **etc.** Generally, Domain templates are designed for below personas in the organization: * **Super Users** * **Platform Governance Administrators \[Data Soure Administrators]** #### **2. Domain Templates** Domain Templates are designed for **Domain Policy Administrators** who manage access to data assets **within a specific domain,** such as Finance, HR, Sales, or Risk. These templates focus on **data-level access controls**, typically involving: * **Databases** * **Schemas** * **Tables & Views** * **Columns (for column-level security) etc.** Generally, Domain templates are designed for below personas in the organization: * **Domain Policy Administrators** * **Data Stewards** ### Super User Feature Capabilities 1. Super Users can create and manage both: * **System-Level Templates**: Designed to control access to global/system objects such as accounts, applications, compute warehouses, and integration services. * **Domain-Level Templates**: Targeted at domain-specific objects like databases, schemas, tables, views, and columns. #### **Access-Based Visibility Control** Templates created by Super Users are **automatically scoped and visible to personas** based on their access role and responsibility: | Persona | Access Scope | Template Visibility | | ------------------------------- | --------------------------- | --------------------------------------- | | **Domain Policy Administrator** | Domain-specific data assets | Can view and apply **Domain Templates** | | **Database Administrator** | System-level configurations | Can view and apply **System Templates** | ### Domain Policy Administrator Feature Capabilities 1. The Domain Policy Administrator can: * **View assigned template policies** created by Super Admins or Governance Teams. * **Apply templates to domain-specific assets**, such as schemas, tables, or views , by creating the RBAC-> Privilege template policy. 🔹 Example: A "Finance Analyst Access Template" might grant SELECT on financial reports and views for the `ANALYST` role. ### Step-by-Step Guide **A. Super User creating custom domain templates** 1. Go to the TrustLogix Dashboard. 2. In the Configurations section, Click **Privilege Template Management** 3. Click **Add Privilege Template** 4. Provide Template Name, Description 5. Select which data source it will apply to \[Snowflake, Databricks] 6. Select **Classified As** under Objects 7. Select Is Domain Template flag if template is created for domain policy administrators. 8. Select Object Type & Privileges 9. Click Save. **B. Super User assigning a Domain to Policy Administrator** 1. Go to the TrustLogix Dashboard. 2. In the User Management section, click "New User". 3. Enter user details (name, email, description). 4. Assign the user role: Policy Administrator. 5. Under Domain Access, select the relevant domain(s) (e.g., FinanceDetails). 6. Save the user profile. **C. Domain Policy Administrator creating template policies** 1. Go to the TrustLogix Dashboard. 2. In the Data sources section, Access Policy -> Click Create Policy 3. Select **Object Access** Option 4. Provide Policy Name, Description 5. Select **Policy Type as Privilege Template** 6. Select the domain privilege template - created by Super User. 7. Select the domain assets - database, & schema, 8. Click on Next 9. Select the Principal \[Snowflake role, Snowflake DB Role] 10. Click Save & Deploy policy. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.trustlogix.io/data-domains/template-policies.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.