Skip to main content
This topic describes how to define a user attribute and assign it to a user to establish access. Assigning an attribute does not immediately grant or deny access. It only labels the user so that a policy can reference this attribute.

Create a user attribute

  1. From the Sift homepage, click your profile icon, and then select Manage.
  2. In Access control, click User attributes.
  3. Click Create User Attribute.
  4. Define the user attribute:
    • Type: Choose the data type for the attribute.
      • Enum: One value from a fixed list (for example, team or project).
      • Enum set: Multiple values from a fixed list (for example, users who can access several assets).
      • Boolean: True or false (for simple flags like restricted access).
      • Integer: Numeric value (for levels or thresholds such as clearance).
    • Name: Use a name tied to real concepts in your organization. Choose a name so that someone reading a policy can immediately understand what the attribute means.
    • Description: Add a description to clarify how the attribute is intended to be used in policies.
  5. Click Save.

Assign a user attribute

Next you will assign the new user attribute to the user(s) you want to govern. Assigning this attribute does not change access. It only labels the user so that a policy can later reference this attribute.
  1. In Access Control, click User Attributes.
  2. In the User attributes table, locate the attribute to use.
  3. Click Options, and then select Assign.
  4. In Assign User Attributes, in User Groups or Users, select a group or user, and click Assign.
    • You can select any user or group, but do not select yourself. You can change this selection later.
    • Once the policy is active, this user or group’s RBAC permissions will be further controlled for this specific Asset. While they might still have a global View role, the DAG policy will further restrict its boundary.
  5. Set the attribute value for the selected user or group. The input depends on the attribute’s data type:
    • Boolean: Select True or False.
    • Enum: Select a value from the predefined list.
    • Enum Set: Select one or more values from the predefined list.
    • Integer: Enter a numeric value.
  6. Click Next to review your changes.
  7. Review the assignment summary, then click Update to confirm.
At this point, no access has changed. The user still has the same RBAC role and permissions as before. Access will only be changed after you create a policy that checks for this attribute.