# Author a Purpose-Based Restriction Policy

## **Prerequisite**

[A purpose has been created](/saas/govern/secure-your-data/projects-and-purpose-based-access-control/purpose-index/how-to-guides/purposes-tutorial.md)

## Permissions

`CREATE_DATA_SOURCE` or `GOVERNANCE` Immuta permission

## Build the policy

1. Click the <i class="fa-shield">:shield:</i> **Policies** icon in the navigation menu and select the **Data Policies** tab. Click **New data policy** and complete the **Policy name** field.
2. Select **Protect** as the policy type.
3. Select **Limit usage to purpose(s)** in the first dropdown menu.
4. In the next field, select a **specific purpose** that you would like to restrict usage of this data source to or **ANY PURPOSE**. You can add more than one condition by selecting **+ Add Another Condition**. The dropdown menu in the policy builder contains conjunctions for your policy. If you select **or**, only one of your conditions must apply to a user for them to see the data. If you select **and**, all of the conditions must apply.
5. Select **for everyone** or **for everyone except**. If you select for everyone except, you must select conditions that will drive the policy such as group, purpose, or attribute.
6. <i class="fa-sparkles">:sparkles:</i> [**AI-powered feature**](/saas/configuration/application-configuration/reference-guides/immuta-ai-faq/immutas-ai-features.md)**:** Click **Explain this policy** to open the AI assistant side sheet. The [AI assistant](/saas/govern/secure-your-data/authoring-policies-in-secure/data-policies/reference-guides/data-policies.md#ai-assistant) will generate a textual summary and explanation of the policy behavior on various users using mock data.
7. Opt to complete the **Enter Rationale for Policy (Optional)** field, and then click **Add**.
8. Click the dropdown menu beneath **Where should this policy be applied**, and select **On all data sources**, **On data sources**, or **When selected by data owners**. If you select **On data sources**, finish the condition in one of the following ways:
   * **tagged**: Select this option and then search for **tags** in the subsequent dropdown menu.
   * **with columns tagged**: Select this option and then search for **tags** in the subsequent dropdown menu.
   * **with column names spelled like**: Select this option, and then enter a **regex** and choose a **modifier** in the subsequent fields.
   * **in server**: Select this option and then choose a **server** from the subsequent dropdown menu to apply the policy to data sources that share this connection string.
   * **created between**: Select this option and then choose a **start date** and an **end date** in the subsequent dropdown menus.
9. Click **Activate Policy** or **Stage Policy**.

## Related guides

### How-to guides

* [Create a project](/saas/govern/secure-your-data/projects-and-purpose-based-access-control/purpose-index/how-to-guides/create-project-tutorial.md): To restrict access to data and associate your data source with a purpose, create a project and add the purpose and relevant data sources to the project.
* [Manage project purposes](/saas/govern/secure-your-data/projects-and-purpose-based-access-control/purpose-index/how-to-guides/project-management/manage-projects.md)

### Reference guides

* [Projects and purposes](/saas/govern/secure-your-data/projects-and-purpose-based-access-control/purpose-index/reference-guides/projects.md)
* [Purpose-based policy restrictions](/saas/govern/secure-your-data/authoring-policies-in-secure/data-policies/reference-guides/data-policies.md#limit-to-purpose-policies)

### Conceptual guide

[Why use projects?](/saas/govern/secure-your-data/projects-and-purpose-based-access-control/purpose-index/concept-guide/purposes-explained.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.immuta.com/saas/govern/secure-your-data/authoring-policies-in-secure/data-policies/how-to-guides/purpose-tutorial.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.