Create purpose

POST /api/service/purposes

Create a new purpose in Atlan.

Although policies can be defined in the same call that creates the purpose, doing so risks a timeout on the creation API call. The policy lists are required in the request payload, so the recommendation is to send them as empty arrays in the create request.

Then create and update policies in subsequent requests rather than in the initial purpose creation request.

Body Required

Purpose to create.

  • id string | null

    Unique identifier of the purpose.

  • name string Required

    Unique system name for the purpose. This will generally be the same as the displayName, but must be unique.

  • displayName string | null Required

    Human-readable name of the purpose. This is what is shown in the UI. It is not strictly required for creation, but if it is missing no name will be displayed for the purpose in the UI.

  • description string | null

    Meaningful explanation for what the purpose represents or how it is used.

  • metadataPolicies array[object] | null Required

    Instance of metadata policy on a purpose in Atlan, with its detailed information.

    • actions array[string] | null

      List of granular permissions within the policy, to apply to assets with any of the classifications that are part of the purpose.

      Permissions are as follows:

      • entity-read: view activity, lineage, custom metadata and SQL queries for processes in lineage or view definitions
      • entity-update: update asset metadata including description, certification, owners, readme and resources
      • entity-create: create new assets within the selected connection or specified database/schema (via API)
      • entity-delete: delete assets within the selected connection or specified database/schema (via API)
      • entity-update-business-metadata: update custom metadata values for the assets
      • entity-add-classification: attach classifications to assets
      • entity-remove-classification: remove classifications from assets

      Values are entity-read, entity-update, entity-create, entity-delete, entity-update-business-metadata, entity-add-classification, or entity-remove-classification.

    • allow boolean | null

      If false, this applies an "explicit deny" to the listed permissions. Those permissions will not be granted to any users on the policy, even if those users are part of other policies that do give them those permissions. In other words, this "explicit deny" will take precedence over all other permissions for the same classifications and users.

    • name string | null

      Meaningful explanation of the policy.

    • description string | null

      Unused.

    • users array[string] | null

      List of unique usernames to whom the policy will apply.

    • groups array[string] | null

      List of unique group names to whom the policy will apply. Note that these are the internal names of the groups, typically in all lowercase and without spaces.

    • allUsers boolean | null

      When true, the policy will apply to all users in Atlan (present and future).

    • type string

      Type of policy. For metadata policies, this should always be metadata.

  • dataPolicies array[object] | null Required

    Instance of data policy on a purpose in Atlan, with its detailed information.

    • actions array[string] | null

      List of granular permissions within the policy, to apply to assets with any of the classifications that are part of the purpose. For data policies the only possible permission is select, which applies to both previewing and querying data.

      Value is select.

    • allow boolean | null

      If false, this applies an "explicit deny" to preview and query permission. This denial for previewing and querying applies to entire tables. So even if only a single column has a classification linked to this purpose, in the case of an "explicit deny" users in this policy will be unable to preview or query the entire table in which that column exists.

    • name string | null

      Meaningful explanation of the policy.

    • description string | null

      Unused.

    • users array[string] | null

      List of unique usernames to whom the policy will apply.

    • groups array[string] | null

      List of unique group names to whom the policy will apply. Note that these are the internal names of the groups, typically in all lowercase and without spaces.

    • allUsers boolean | null

      When true, the policy will apply to all users in Atlan (present and future).

    • type string | null

      Type of policy. To grant or deny access to data entirely (without masking), use access. To only mask the classified assets, use masking.

      Values are masking, access, or null.

    • mask string | null

      Type of masking to apply when the type property is set to masking.

      Values are heka:MASK_SHOW_FIRST_4, heka:MASK_SHOW_LAST_4, heka:MASK_HASH, heka:MASK_NULL, heka:MASK_REDACT, or null.

  • tags array[string] | null Required

    List of classifications that this purpose operates against.

    Each name is the internal, uniquely hashed classification name and not the human-readable name of a classification.

  • readme string | null

    URL-encoded HTML representing the richly-formatted readme for the purpose.
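
A pre-flight check for the request body, written from the field rules listed above. This is an added example, not Atlan's code; `check_create_payload` and the `BAD` sample are hypothetical, and `GOOD` is the request example from this page.

```python
# Added example: pre-flight checks built only from the field rules on this page.
# check_create_payload is a hypothetical helper, not part of any Atlan SDK.
REQUIRED = ("name", "displayName", "metadataPolicies", "dataPolicies", "tags")
METADATA_ACTIONS = {
    "entity-read", "entity-update", "entity-create", "entity-delete",
    "entity-update-business-metadata", "entity-add-classification",
    "entity-remove-classification",
}
DATA_TYPES = {"masking", "access", None}
MASKS = {"heka:MASK_SHOW_FIRST_4", "heka:MASK_SHOW_LAST_4", "heka:MASK_HASH",
         "heka:MASK_NULL", "heka:MASK_REDACT", None}


def check_create_payload(payload):
    """Return a list of findings; an empty list means the payload passes."""
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in payload]
    for key in ("metadataPolicies", "dataPolicies"):
        if payload.get(key):  # non-empty list: the create call risks a timeout
            findings.append(f"{key}: send [] on create and add policies later")
    for p in payload.get("metadataPolicies") or []:
        label = f"metadata policy {p.get('name')!r}"
        unknown = set(p.get("actions") or []) - METADATA_ACTIONS
        if unknown:
            findings.append(f"{label}: unknown actions {sorted(unknown)}")
        if p.get("type") != "metadata":
            findings.append(f"{label}: type must be 'metadata'")
    for p in payload.get("dataPolicies") or []:
        label = f"data policy {p.get('name')!r}"
        if set(p.get("actions") or []) - {"select"}:
            findings.append(f"{label}: the only data action is 'select'")
        if p.get("type") not in DATA_TYPES:
            findings.append(f"{label}: type must be masking, access or null")
        if p.get("mask") not in MASKS:
            findings.append(f"{label}: unknown mask {p.get('mask')!r}")
        elif p.get("mask") and p.get("type") != "masking":
            findings.append(f"{label}: mask is only used when type is 'masking'")
    return findings


# Constructed samples: GOOD is this page's request example, BAD is made up.
GOOD = {"name": "PII Protection", "displayName": "PII Protection",
        "tags": ["rXlsT2vyr7mYtH1aCNLU6F"], "metadataPolicies": [], "dataPolicies": []}
BAD = {"name": "PII Protection", "tags": ["rXlsT2vyr7mYtH1aCNLU6F"],
       "metadataPolicies": [{"name": "stewards", "type": "metadata", "allow": True,
                             "actions": ["entity-read", "entity-write"]}],
       "dataPolicies": [{"name": "hash", "type": "access", "allow": True,
                         "actions": ["select"], "mask": "heka:MASK_HASH"}]}
```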

Responses

  • 200 object

    Successfully created purpose.

    • id string | null

      Unique identifier of the purpose.

    • name string

      Unique system name for the purpose. This will generally be the same as the displayName, but must be unique.

    • displayName string | null

      Human-readable name of the purpose. This is what is shown in the UI. It is not strictly required for creation, but if it is missing no name will be displayed for the purpose in the UI.

    • description string | null

      Meaningful explanation for what the purpose represents or how it is used.

    • metadataPolicies array[object] | null

      Instance of a metadata policy for a purpose in Atlan, with its detailed response-specific information.

      • actions array[string] | null

        List of granular permissions within the policy, to apply to assets with any of the classifications that are part of the purpose.

        Permissions are as follows:

        • entity-read: view activity, lineage, custom metadata and SQL queries for processes in lineage or view definitions
        • entity-update: update asset metadata including description, certification, owners, readme and resources
        • entity-create: create new assets within the selected connection or specified database/schema (via API)
        • entity-delete: delete assets within the selected connection or specified database/schema (via API)
        • entity-update-business-metadata: update custom metadata values for the assets
        • entity-add-classification: attach classifications to assets
        • entity-remove-classification: remove classifications from assets

        Values are entity-read, entity-update, entity-create, entity-delete, entity-update-business-metadata, entity-add-classification, or entity-remove-classification.

      • allow boolean | null

        If false, this applies an "explicit deny" to the listed permissions. Those permissions will not be granted to any users on the policy, even if those users are part of other policies that do give them those permissions. In other words, this "explicit deny" will take precedence over all other permissions for the same classifications and users.

      • name string | null

        Meaningful explanation of the policy.

      • description string | null

        Unused.

      • users array[string] | null

        List of unique usernames to whom the policy will apply.

      • groups array[string] | null

        List of unique group names to whom the policy will apply. Note that these are the internal names of the groups, typically in all lowercase and without spaces.

      • allUsers boolean | null

        When true, the policy will apply to all users in Atlan (present and future).

      • type string

        Type of policy. For metadata policies, this should always be metadata.

      • createdAt integer(int64) | null

        Date and time (epoch) at which the policy was created, in milliseconds.

      • createdBy string | null

        User who created the policy.

      • updatedAt integer(int64) | null

        Date and time (epoch) at which the policy was last updated, in milliseconds.

      • updatedBy string | null

        User who last updated the policy.

      • id string | null

        Unique identifier (GUID) for the policy.

    • dataPolicies array[object] | null

      Instance of a data policy for a purpose in Atlan, with its detailed response-specific information.

      • actions array[string] | null

        List of granular permissions within the policy, to apply to assets with any of the classifications that are part of the purpose. For data policies the only possible permission is select, which applies to both previewing and querying data.

        Value is select.

      • allow boolean | null

        If false, this applies an "explicit deny" to preview and query permission. This denial for previewing and querying applies to entire tables. So even if only a single column has a classification linked to this purpose, in the case of an "explicit deny" users in this policy will be unable to preview or query the entire table in which that column exists.

      • name string | null

        Meaningful explanation of the policy.

      • description string | null

        Unused.

      • users array[string] | null

        List of unique usernames to whom the policy will apply.

      • groups array[string] | null

        List of unique group names to whom the policy will apply. Note that these are the internal names of the groups, typically in all lowercase and without spaces.

      • allUsers boolean | null

        When true, the policy will apply to all users in Atlan (present and future).

      • type string | null

        Type of policy. To grant or deny access to data entirely (without masking), use access. To only mask the classified assets, use masking.

        Values are masking, access, or null.

      • mask string | null

        Type of masking to apply when the type property is set to masking.

        Values are heka:MASK_SHOW_FIRST_4, heka:MASK_SHOW_LAST_4, heka:MASK_HASH, heka:MASK_NULL, heka:MASK_REDACT, or null.

      • createdAt integer(int64) | null

        Date and time (epoch) at which the policy was created, in milliseconds.

      • createdBy string | null

        User who created the policy.

      • updatedAt integer(int64) | null

        Date and time (epoch) at which the policy was last updated, in milliseconds.

      • updatedBy string | null

        User who last updated the policy.

      • id string | null

        Unique identifier (GUID) for the policy.

    • tags array[string] | null

      List of classifications that this purpose operates against.

      Each name is the internal, uniquely hashed classification name and not the human-readable name of a classification.

    • readme string | null

      URL-encoded HTML representing the richly-formatted readme for the purpose.

    • createdAt integer(int64) | null

      Date and time (epoch) at which the purpose was created, in milliseconds.

    • createdBy string | null

      User who created the purpose.

    • updatedAt integer(int64) | null

      Date and time (epoch) at which the purpose was last updated, in milliseconds.

    • updatedBy string | null

      User who last updated the purpose.

    • level string | null

      Level of the created purpose. (This will always be workspace.)

    • version string | null

      Unique identity for the version of the purpose.

    • enabled boolean | null

      True when this purpose is turned on, and false when it is turned off.

    • resources string | null
    • attributes object | null
    • isActive boolean | null

      True when the purpose is currently enabled, false otherwise.

  • 400 object

    Occurs when another purpose already exists with the same classification. Atlan allows only one purpose per classification.
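
The "explicit deny" precedence described for the allow field can be checked against a purpose's returned policies before they are relied on. The following is an added example and a simplified model of that rule, not Atlan's implementation; `effective_actions`, the sample policies and the group names are hypothetical, and a policy whose allow is null is assumed to contribute nothing.

```python
# Added example: simplified model of the explicit-deny rule on this page.
def effective_actions(policies, username, groups=()):
    """Actions a user ends up with across the policies of one purpose.

    A policy applies if allUsers is true, the username is listed, or one of
    the user's groups is listed. Actions named by an applicable policy with
    allow == False are removed, whatever the other policies grant.
    Assumption: a policy with allow == None neither grants nor denies.
    """
    granted, denied = set(), set()
    for policy in policies:
        applies = (
            policy.get("allUsers") is True
            or username in (policy.get("users") or [])
            or bool(set(groups) & set(policy.get("groups") or []))
        )
        if not applies:
            continue
        actions = policy.get("actions") or []
        if policy.get("allow") is False:
            denied.update(actions)
        elif policy.get("allow") is True:
            granted.update(actions)
    return granted - denied


# Constructed metadata policies for one purpose (names and groups are made up).
POLICIES = [
    {"name": "everyone can read", "type": "metadata", "allow": True,
     "allUsers": True, "actions": ["entity-read"]},
    {"name": "stewards curate", "type": "metadata", "allow": True,
     "groups": ["data_stewards"],
     "actions": ["entity-update", "entity-add-classification"]},
    {"name": "contractors cannot retag", "type": "metadata", "allow": False,
     "groups": ["contractors"],
     "actions": ["entity-add-classification", "entity-remove-classification"]},
]

if __name__ == "__main__":
    # A steward who is also a contractor loses the classification permission.
    print(sorted(effective_actions(POLICIES, "bob", ["data_stewards", "contractors"])))
```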

POST /api/service/purposes
curl \
 -X POST https://tenant.atlan.com/api/service/purposes \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"name":"PII Protection","displayName":"PII Protection","tags":["rXlsT2vyr7mYtH1aCNLU6F"],"metadataPolicies":[],"dataPolicies":[]}'

Request example

{
  "name": "PII Protection",
  "displayName": "PII Protection",
  "tags": [
    "rXlsT2vyr7mYtH1aCNLU6F"
  ],
  "metadataPolicies": [],
  "dataPolicies": []
}

Response example (200)

{
  "id": "3f35d508-4f43-48d3-84e3-889c13571f1c",
  "version": "small-sun-5855",
  "isActive": true,
  "createdAt": 1655214527401,
  "updatedAt": 1655214527401,
  "createdBy": "service-account-apikey-e8d1f0bd-600e-4a8a-9248-b7c9aa1ef8c3",
  "description": null,
  "displayName": "PII Protection",
  "name": "PII Protection",
  "dataPolicies": [],
  "metadataPolicies": [],
  "tags": [
    "rXlsT2vyr7mYtH1aCNLU6F"
  ],
  "level": "workspace",
  "enabled": true,
  "readme": null,
  "resources": null,
  "attributes": null
}

Response example (400)

{
  "code": 1000,
  "error": "Please check your request parameters",
  "info": null,
  "message": "another policy exists for matching resource",
  "requestId": "j2SgQ6TgeU0LvhncusUTo69QbOoW6xBV"
}