# Limit to Purpose Policies

Limit to purpose policies use purposes and Immuta projects to govern access to data.

Purposes define the scope and use of data within a project, while projects allow users to meet [purpose restrictions on policies](https://documentation.immuta.com/saas/govern/secure-your-data/authoring-policies-in-secure/data-policies/how-to-guides/purpose-tutorial). In general, purposes and projects interact as follows to enforce purpose-based access controls:

* Governors create **purposes** and include them in global data policies.
* Project owners then add purposes to their **project**(s).
* Data users work within the **context of a project** to access those data sources.

For example, if a governor created the purpose `Research`, they could author the following global policy:

> Limit usage to purpose(s) Research for everyone on data sources tagged PHI.

Once a project owner adds the `Research` purpose to a project, any user acting under that project context would meet the criteria of the policy and gain access to data sources tagged `PHI`.
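The evaluation described above can be sketched as a small conceptual model. This is an added example, not Immuta's code or API: all class, function and data source names are hypothetical, and it assumes that a policy listing several purposes is met by any one of them and that the policy leaves data sources without the tag unaffected.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class PurposePolicy:
    purposes: frozenset  # purposes named in the policy, e.g. {"Research"}
    tag: str             # the policy targets data sources carrying this tag


@dataclass
class Project:
    name: str
    purposes: set = field(default_factory=set)  # added by the project owner


@dataclass(frozen=True)
class DataSource:
    name: str
    tags: frozenset


def policy_allows(policy: PurposePolicy, source: DataSource,
                  context: Optional[Project]) -> bool:
    """True if this policy does not block the user from the data source."""
    if policy.tag not in source.tags:
        return True   # assumption: the policy is not applied to untagged sources
    if context is None:
        return False  # no project context, so no purpose can be asserted
    # assumption: any one of the policy's purposes on the project is enough
    return bool(policy.purposes & context.purposes)


def visible_sources(policy, sources, context):
    """Names of the data sources the user can reach under this context."""
    return [s.name for s in sources if policy_allows(policy, s, context)]


# Constructed sample data mirroring the policy in the example above.
POLICY = PurposePolicy(purposes=frozenset({"Research"}), tag="PHI")
SOURCES = [
    DataSource("patient_visits", frozenset({"PHI"})),
    DataSource("store_locations", frozenset()),
]

if __name__ == "__main__":
    study = Project("Clinical study", {"Research"})
    for ctx in (study, Project("Campaign", {"Marketing"}), None):
        label = ctx.name if ctx else "no project context"
        print(f"{label}: {visible_sources(POLICY, SOURCES, ctx)}")
```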

Refer to the [data governor policy guide](https://documentation.immuta.com/saas/govern/secure-your-data/authoring-policies-in-secure/data-policies/how-to-guides/purpose-tutorial) for a tutorial on purpose-based restrictions on data or to the [Projects and purposes reference guide](https://documentation.immuta.com/saas/govern/secure-your-data/projects-and-purpose-based-access-control/purpose-index/reference-guides/projects) for more details about these features.
