Default Policies

Default policies are used when no policy has been assigned to a pipeline.

When you configure a job for a pipeline, you specify the policies to use. As a result, the default policies are used only when you specifically select the default policies for the job.

However, the default read and write policies are always used when you run or preview a local pipeline in a Data Protector-enabled Data Collector. A local pipeline is a pipeline that is managed by a Data Collector and that runs locally on that Data Collector.

Default read and write policies are also used when you perform a test run of a draft pipeline.

Choose and configure default policies carefully. You can set one default read policy and one default write policy for the organization. Typically, you want to set the most restrictive policy as the default, and create less restrictive policies to be shared only with the appropriate users and groups.

For example, since pipeline developers use data preview to configure pipelines, you must ensure that the default read policy protects sensitive data that they should not see, such as social security numbers, home addresses, or credit card numbers.

To set a policy as default, in the Protection Policies view, click the policy name, then click Set Default.

Permissions for Default Policies

Default policies are implicitly shared with the entire organization so all users have access to the policies.

When you configure a protection policy to be a default policy for the organization, any permissions configured for the policy are ignored and the policy is shared with all users and groups in the organization. This allows all users to use the default policies as needed.

When a default policy changes so that it is no longer a default policy, the implicit sharing to all users is revoked and the permissions configured for the policy are enforced.