Access Policies determine which rows and columns of a Data Pool are accessible. They can have multiple rules, including row-level rules with static or dynamic values.

Creating and assigning Access Policies

Follow these steps to create an Access Policy via the Console:
  1. Go to the desired Data Pool.
  2. Open the “Access Policies” tab.
  3. Click “Add new policy”.
  4. Define column and row access controls.
  5. Assign Applications to the Policy.
  6. Name and describe the policy.
  7. Review and click “Create”.
  8. Enable Access Control on the Data Pool.

Column-level rules

Column-level rules define which specific columns of a Data Pool are accessible.
Column-level rule setup

Column-level rule configuration in the Console

To grant access to all columns, use the wildcard "*":
All columns access

Configuring access to all columns

Row-level rules

Row-level rules determine which specific rows of a Data Pool are accessible.
Row-level rule setup

Row-level rule configuration

Dynamic values row-level rules

For more flexible policies, you can use dynamic values from the JWT token in row-level rules:
Dynamic row-level rule

Dynamic row-level rule configuration

For a deep dive into dynamic values and building multi-tenant applications, refer to our Multi-tenant JWT Tokens guide.

Assigning Access Policies to Applications

Access Policies are assigned to Applications to enforce data access controls.
Access Policy relationships

Access Policy Relationships

A Data Pool can have multiple Policies, each assigned to multiple Applications. An Application can have at most one Policy per Data Pool. Key points to remember:
  • A Data Pool can have multiple Policies
  • Each Policy can be assigned to multiple Applications
  • An Application can have at most one Policy per Data Pool

Access Policies and Metrics

Metrics automatically inherit Access Policies from their parent Data Pool. An Application can only query a Metric if its Access Policy permits access to all columns used in that Metric’s definition.