Heya,
I saw that it is possible via API to create a policy bound to an entity's dataPlatformInstance. This is super valuable for us, because we have our different data teams ingest their own platform instances in a decentralised manner. And we would like to restrict their permissions to only their dataPlatformInstance.
GraphQL code as reference:
// Query
mutation createPolicy($input: PolicyUpdateInput!) {
  createPolicy(input: $input)
}
// With vars:
{"input": {
  "type": "METADATA",
  "name": "Platform-Instance-Policy",
  "state": "ACTIVE",
  "description": "Testing Platform-Instance Policies",
  "privileges": [
    "EDIT_ENTITY_TAGS",
    "EDIT_ENTITY_OWNERS"
  ],
  "actors": {
    "users": ["urn:li:corpuser:xxx"],
    "groups": [],
    "allUsers": false,
    "allGroups": false,
    "resourceOwners": false
  },
  "resources": {
    "filter": {
      "criteria": [
        {
          "field": "DATA_PLATFORM_INSTANCE",
          "values": [
            "urn:li:dataPlatformInstance:(urn:li:dataPlatform:kafka,myInstance)"
          ],
          "condition": "EQUALS"
        }
      ]
    }
  }
}}
Now I wonder if there are already plans to surface this option to the Policies UI? I couldn’t find a way to bind one to a dataPlatformInstance using the interface.
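
Until the UI exposes this, the variables above can be generated per team and checked before they are sent. The following is an added example, not part of the original post and not the project's own code: `build_policy_input` and `scoping_problems` are hypothetical helper names, and the `urn:li:corpGroup:` prefix for group actors is an assumption; all other fields and values follow the post.

```python
import re

# URN shape taken from the example value in the post.
INSTANCE_URN = re.compile(
    r"^urn:li:dataPlatformInstance:\(urn:li:dataPlatform:[^,()]+,[^,()]+\)$")

def build_policy_input(name, actor_urns, platform, instance, privileges):
    """Build createPolicy variables scoped to a single platform instance."""
    users = [u for u in actor_urns if u.startswith("urn:li:corpuser:")]
    # Assumption: group actors use the urn:li:corpGroup: prefix.
    groups = [u for u in actor_urns if u.startswith("urn:li:corpGroup:")]
    urn = f"urn:li:dataPlatformInstance:(urn:li:dataPlatform:{platform},{instance})"
    return {"input": {
        "type": "METADATA",
        "name": name,
        "state": "ACTIVE",
        "description": f"Scoped to {platform}/{instance}",
        "privileges": list(privileges),
        "actors": {"users": users, "groups": groups, "allUsers": False,
                   "allGroups": False, "resourceOwners": False},
        "resources": {"filter": {"criteria": [{
            "field": "DATA_PLATFORM_INSTANCE",
            "values": [urn],
            "condition": "EQUALS",
        }]}},
    }}

def scoping_problems(variables):
    """Return reasons why a policy reaches beyond named actors and instances."""
    policy = variables["input"]
    actors = policy.get("actors") or {}
    problems = []
    if actors.get("allUsers") or actors.get("allGroups"):
        problems.append("actors: applies to all users or all groups")
    if not (actors.get("users") or actors.get("groups") or actors.get("resourceOwners")):
        problems.append("actors: no user or group named")
    criteria = ((policy.get("resources") or {}).get("filter") or {}).get("criteria") or []
    scoped = [c for c in criteria if c.get("field") == "DATA_PLATFORM_INSTANCE"]
    if not scoped:
        problems.append("resources: no DATA_PLATFORM_INSTANCE criterion")
    for c in scoped:
        if c.get("condition") != "EQUALS":
            problems.append("resources: condition is not EQUALS")
        bad = [v for v in c.get("values", []) if not INSTANCE_URN.match(v)]
        if bad or not c.get("values"):
            problems.append(f"resources: missing or malformed instance URN {bad}")
    return problems
```

An empty list from `scoping_problems` means the policy names its actors explicitly and is restricted to well-formed platform-instance URNs; anything else should be reviewed before the mutation is run.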