Limit to Purpose Policies

Limit to purpose policies use purposes and Immuta projects to govern access to data.

Purposes define the scope and use of data within a project, while projects allow users to meet purpose restrictions on policies. In general, here are how purposes and projects interact to enforce purpose-based access controls:

• Governors create purposes and include them in global data policies.

• Project owners then add purposes to their project(s).

• Data users work within the context of a project to access those data sources.

For example, if a governor created the purpose Research they could author the following global policy:

Limit usage to purpose(s) Research for everyone on data sources tagged PHI.

Once a project owner adds the Research purpose to a project, any user acting under that project context would meet the criteria of the policy and gain access to data sources tagged PHI.

Refer to the data governor policy guide for a tutorial on purpose-based restrictions on data or to the Projects and purposes reference guide for more details about these features.