Purposes group access controls from multiple data sources to be used together for a specific objective. Unlike grants, purposes do not directly contain data objects in their what-list. Instead, they can inherit them from grants or other purposes. Additionally, purposes can have masks and row filters attached to them.

Using purposes allows for a clear separation of responsibilities between data owners, who create grants to expose their data products in a single data source, and purpose owners, who combine data from multiple sources to serve higher-level objectives.

Similar to grants, access to a purpose can be pre-approved instead of granted immediately.


Creating a Purpose

Creating a purpose is similar to creating a grant, with a few key differences:

  • The who-list of a purpose can only include users, groups, and other purposes.
  • The what-list of a purpose can only include grants and other purposes.