You can restrict who has access to SQL Data Catalog to satisfy your security policies.

Currently, three roles are supported:

• Full Access - Full access to SQL Data Catalog, including administering permissions and auth tokens.
• Classify-Only - Can only perform classification, cannot edit taxonomy or add/remove instances/databases.
• Read-Only - Can only view classification and taxonomy.

Membership of these roles is controlled by using users and groups in your Active Directory. Please note that the application server must be a part of an Active Directory domain for this to work.

When there are no configured users or groups, all users have full access.

To get started, click on Settings, and then Permissions. From this page, you can add Active Directory users or groups to the list of allowed Active Directory members.

When you have multiple users and groups configured, the system will allow a particular access level if:

• that user has that access level
• there is at least one group with the required level that contains the user.