Privilege Template Policies
Privilege Template Policies in TrustLogix
Privilege Template Policies simplify access control by providing predefined access policies for databases and schemas. These policies are based on Privilege Templates, which define the object types and associated privileges that will be granted to a role or user when the template is applied.
How Privilege Template Policies Work
Define a Privilege Template
A template specifies the object types (database, schema, table, etc.) and the privileges (SELECT, INSERT, DELETE, etc.) assigned to users or roles.
Apply the Template During Policy Creation
When creating an Object Access Policy, select a Privilege Template to automatically enforce predefined permissions.
Role-Based Access Alignment
Templates are structured around data access personas, such as:
Data Analyst – Read-only access to analytical datasets.
Data Engineer – Read and write access to transform data.
Data Admin – Full control over database objects.
System Admin – Administrative privileges for system-level management.
Pre-Built & Customizable Templates
TrustLogix provides industry-standard privilege templates out of the box.
Organizations can customize existing templates or create new ones based on specific access requirements.
Creation of Privilege Template Policies
Log in as Super User or Policy Administrator.
Click on Data Sources from the main menu. The user will see all the allowed data sources in the data sources list view.
Select the data source for which the user wants to create access policies (a user can create access policies on data sources to which they have access).
If Access Policies is not the default tab, click on the Access Policies tab.
Click on the Create Access Policy button on the access policy list view.
Select the Object Access card from the create policy modal.
Enter Policy Name and Policy Description
Select Privilege Template as Policy type from the drop down
Select the template name from the Privilege Template drop down (click on the Template link below the drop down to see which object types and privileges are mapped under the selected template).
Select the objects based on the chosen objects
Schema is the lowest level at which objects can be selected in a Template policy. Privileges on all lower-level objects are applied at the schema or database level, depending on the chosen schema option. If ALL_SCHEMAS is selected for a database, grants are applied at the database level and individual schemas cannot be selected for that database. If an individual schema is selected, grants are applied at the schema level.
Select Next button after selecting objects.
Select Principal value from the drop down
The Principal value is:
Role for Snowflake
Account User or Account Group for Databricks
Select the Save button to generate the grants for the selected objects and principal.
Once the selected values are validated, grants will be generated
If the values provided are not valid, the policy creation process will result in an error due to validation failures. Validation can fail for the following reasons:
Duplicate Policy Creation: A policy already exists for the selected object and principal combination.
Catalog Access: Policy creation will fail if the catalog data is not accessible by the control plane role.
On successful validation, the policy is created and ready for deployment.
Click on the Deploy button. On successful deployment, the policy status will be moved to Deployed.
Policy deployment will be successful only if all grants are properly assigned to the TrustLogix user and no duplicate policy exists. Otherwise, the policy will fail, and any missing grants or configurations must be reported.
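The schema-selection rule and the duplicate-policy validation from the steps above, sketched as an added Python example (not TrustLogix code or its actual generated grants). The `DATA_ANALYST` template contents, the function names and the Snowflake `GRANT` statement shapes are assumptions made for illustration.

```python
import re

# Constructed model: template contents, names and the SQL shape are assumptions.
ALL_SCHEMAS = "ALL_SCHEMAS"
DATA_ANALYST = {"TABLE": ["SELECT"], "VIEW": ["SELECT"]}  # hypothetical read-only template
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_$]*$")  # unquoted Snowflake identifier


class ValidationError(Exception):
    """Raised when a selection would fail policy validation."""


def _ident(name):
    # Names are interpolated into SQL, so reject anything that is not a plain identifier.
    if not _IDENT.match(name):
        raise ValidationError(f"invalid identifier: {name!r}")
    return name


def expand_grants(template, selection, role, existing=frozenset()):
    """Return GRANT statements for selection = {database: [schemas] or [ALL_SCHEMAS]}.

    existing holds (database, schema, role) tuples that already have a policy.
    """
    role = _ident(role)
    grants = []
    for db, schemas in sorted(selection.items()):
        db = _ident(db)
        if ALL_SCHEMAS in schemas and len(schemas) > 1:
            # ALL_SCHEMAS rules out individual schema selection for that database.
            raise ValidationError(f"{db}: ALL_SCHEMAS cannot be combined with schemas")
        grants.append(f"GRANT USAGE ON DATABASE {db} TO ROLE {role}")
        for schema in schemas:
            if (db, schema, role) in existing:
                raise ValidationError(f"duplicate policy: {db}.{schema} / {role}")
            if schema == ALL_SCHEMAS:
                scope = f"DATABASE {db}"  # database-level grants
                grants.append(f"GRANT USAGE ON ALL SCHEMAS IN DATABASE {db} TO ROLE {role}")
            else:
                scope = f"SCHEMA {db}.{_ident(schema)}"  # schema-level grants
                grants.append(f"GRANT USAGE ON {scope} TO ROLE {role}")
            for obj_type, privileges in sorted(template.items()):
                privs = ", ".join(privileges)
                grants.append(f"GRANT {privs} ON ALL {obj_type}S IN {scope} TO ROLE {role}")
    return grants
```

Comparing the output for an `ALL_SCHEMAS` selection with the output for a single schema shows how much wider the database-level scope is, which is worth reviewing before choosing that option for a read-only persona.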
Benefits of Privilege Template Policies
Standardized Access Control – Ensures role-based permissions follow security best practices.
Simplified Policy Management – Reduces manual effort in defining privileges for each user/role.
Customizable for Flexibility – Organizations can tailor policies to their specific data governance needs.
Enforces Least-Privilege – Grants only necessary permissions, minimizing security risks.

