- For details on data access governance (DAG) user attributes and who can perform this task, see the DAG Overview.
- For a tutorial on using DAG, see Getting started with data access governance (DAG).
Create a policy
- In Access Control, click Policies.
- Click Create Policy.
- Configure the policy using the following settings, and then click Create.
Step 1: Add policy details
Step 2: Select users or groups
Step 3: Select resources and actions
Step 4 (Optional): Add conditions
Operators by attribute data type
When the attribute type is User group, only Enum Set operators are available (
Contains, Contains All, Contains Any, Intersects With, Is Empty). The Intersects With operator compares a user group’s attribute against a resource attribute, enabling dual-match conditions without specifying fixed values.