Default Policies

Default policies are used when no policy has been assigned to a pipeline.

When you configure a job for a pipeline, you specify the policies to use. As a result, the default policies are used only when you specifically select the default policies for the job.

However, the default read and write policies are always used when you run a local pipeline in a Data Protector-enabled Data Collector. A local pipeline is a pipeline that is managed by a Data Collector and that runs locally on that Data Collector.

The default policies are also used when you run data preview. The default read policy is applied to the data upon read and affects the data that you view in the UI. The default write policy is applied when you configure the data preview to write to destinations and executors. The application of the write policy displays in the destination system. The write policy does not affect the pipeline data that displays in the UI.

Choose and configure default policies carefully. You can set one default read policy and one default write policy for the organization. Typically, you want to set the most restrictive policy as the default, and create less restrictive policies to be shared only with the appropriate users and groups.

For example, since pipeline developers use data preview to configure pipelines, you must ensure that the default read policy protects sensitive data that they should not see, such as social security numbers, home addresses, or credit card numbers.

To set a policy as default, in the Protection Policies view, click the policy name, then click Set Default.

Permissions for Default Policies

Default policies are implicitly shared with the entire organization so all users have access to the policies.

When you configure a protection policy to be a default policy for the organization, any permissions configured for the policy are ignored and the policy is shared with all users and groups in the organization. This allows all users to use the default policies as needed.

When a default policy changes so that it is no longer a default policy, the implicit sharing to all users is revoked and the permissions configured for the policy are enforced.