# Author a Purpose-Based Restriction Policy

**Requirement and prerequisite**:

* `CREATE_DATA_SOURCE` or `GOVERNANCE` Immuta permission
* A [purpose has been created](https://documentation.immuta.com/latest/governance/author-policies-for-data-access-control/projects-and-purpose-based-access-control/projects-and-purpose-controls/how-to-guides/purposes-tutorial)

## Build the policy

1. Determine your [policy scope](https://documentation.immuta.com/latest/governance/author-policies-for-data-access-control/authoring-policies-in-secure/..#policy-scope):
   * **Global policy**: Click the <i class="fa-shield">:shield:</i> **Policies** icon in the navigation menu and select the **Data Policies** tab. Click **New data policy** and complete the **Policy name** field.
   * **Local policy**: Navigate to a specific data source and click the **Policies** tab. Scroll to the **Data Policies** section and click **New Policy**.
2. Select **Limit usage to purpose(s)** in the first dropdown menu.
3. In the next field, select a **specific purpose** that you would like to restrict usage of this data source to or **ANY PURPOSE**. You can add more than one condition by selecting **+ Add Another Condition**. The dropdown menu in the policy builder contains conjunctions for your policy. If you select **or**, only one of your conditions must apply to a user for them to see the data. If you select **and**, all of the conditions must apply.
4. Select **for everyone** or **for everyone except**. If you select for everyone except, you must select conditions that will drive the policy such as group, purpose, or attribute.
5. Opt to complete the **Enter Rationale for Policy (Optional)** field, and then click **Add**.
6. For global policies: Click the dropdown menu beneath **Where should this policy be applied**, and select **On all data sources**, **On data sources**, or **When selected by data owners**. If you select **On data sources**, finish the condition in one of the following ways:
   * **tagged**: Select this option and then search for **tags** in the subsequent dropdown menu.
   * **with columns tagged**: Select this option and then search for **tags** in the subsequent dropdown menu.
   * **with column names spelled like**: Select this option, and then enter a **regex** and choose a **modifier** in the subsequent fields.
   * **in server**: Select this option and then choose a **server** from the subsequent dropdown menu to apply the policy to data sources that share this connection string.
   * **created between**: Select this option and then choose a **start date** and an **end date** in the subsequent dropdown menus.
7. Click **Create Policy**. If creating a global policy, you then need to click **Activate Policy** or **Stage Policy**.

## Related guides

### How-to guides

* [Create a project](https://documentation.immuta.com/latest/governance/author-policies-for-data-access-control/projects-and-purpose-based-access-control/projects-and-purpose-controls/how-to-guides/create-project-tutorial): To restrict access to data and associate your data source with a purpose, create a project and add the purpose and relevant data sources to the project.
* [Manage project purposes](https://documentation.immuta.com/latest/governance/author-policies-for-data-access-control/projects-and-purpose-based-access-control/projects-and-purpose-controls/how-to-guides/project-management/manage-projects)

### Reference guides

* [Projects and purposes](https://documentation.immuta.com/latest/governance/author-policies-for-data-access-control/projects-and-purpose-based-access-control/projects-and-purpose-controls/reference-guides/projects)
* [Purpose-based policy restrictions](https://documentation.immuta.com/latest/governance/author-policies-for-data-access-control/authoring-policies-in-secure/reference-guides/data-policies#limit-to-purpose-policies)

### Conceptual guide

[Why use projects?](https://documentation.immuta.com/latest/governance/author-policies-for-data-access-control/projects-and-purpose-based-access-control/projects-and-purpose-controls/purposes-explained)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.immuta.com/latest/governance/author-policies-for-data-access-control/authoring-policies-in-secure/data-policies/how-to-guides/purpose-tutorial.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.