Skip to main content

Privacera Documentation


Policies are rule sets for usage and access. Each rule specifies a scope of control, access type, a set of user identities allowed or denied use, along with enforcement periods. Access control list schemes support both “Allow”, and “Deny” access as well as “Exclude from Allow” and “Exclude from Deny”.

Resource Policies and Tag Policies are concerned with access to data.

Controlled access datasets are subsets of connected data repositories and databases, defined by any combination of database, table, and column access (wildcards supported) or for filesystem/object stores based on object, file, folder names (with wildcard support for paths).

For Resource Policies, the scope of control is data accessible through the connected data repositories as defined by resource paths.

  • For databases structured resources, scope is specified in terms of database, table, and column access. The type of access is defined based on the actions that can be performed on that particular type of database, such as “Select”, “Update”, “Create”, “Drop”, “Alter”, etc.

  • For filesystem/object stores, the scope is defined in terms of access to entities such as a blob, object, file, or folder. Permission rules will be in the form of file actions such as "Read”, “Write”, and "Delete".

For Tag Policies, the scope of control are those data elements that have been assigned a metadata label or tag. Tag Policies are defined in terms of the tags rather than the tagged data itself or the location of the data itself.

Scheme Policies are used to specify user access to encryption and decryption services provided by the Privacera Encryption Gateway (PEG). The Scheme Policies page is enabled when the PEG service is connected.