In order to control which marketing actions can be performed on certain datasets and fields in Adobe Experience Platform, you must set up the following:
Once you have finished configuring your labels, governance policies, and marketing actions, you can test your policy enforcement to ensure it is working as expected.
This guide walks through the full process of configuring and enforcing a data governance policy in the Platform UI. For more detailed information on the features used in this guide, refer to the overview documentation on the following topics:
This guide focuses on how to set up and enforce policies for how data is used or activated in Experience Platform. If you are trying to restrict access to the data itself for certain Platform users within your organization, see the end-to-end guide on attribute-based access control instead. Attribute-based access control also uses labels and policies, but for a different use case than data governance.
Labels can no longer be applied to individual fields at the dataset level. This workflow has been deprecated in favour of applying labels at the schema level. However, you can still label an entire dataset. Any labels previously applied to individual dataset fields will still be supported through the Platform UI until 31st May 2024. To ensure that your labels are consistent across all schemas, any labels previously attached to fields at the dataset level must be migrated to the schema level by you over the coming year. See the section on migrating previously applied labels for instructions on how to do this.
You can apply labels to a schema so that all datasets based on that schema inherit the same labels. This allows you to manage the labels for data governance, consent, and access control in one place. By enforcing data usage constraints at the schema level, the effect propagates downstream to all datasets that are based on that schema. Labels applied at the schema field level support Data Governance use cases and are discoverable in the Datasets workspace Data Governance tab under the Field Name column as read-only labels.
If there is a specific dataset that you want to enforce data usage constraints on, you can apply labels directly to that dataset or specific fields within that dataset.
Alternatively, you can apply labels to a schema so that all datasets based on that schema inherit the same labels.
For more information on the different data usage labels and their intended use, see the data usage labels reference. If the available core labels do not cover all of your desired use cases, you can define your own custom labels as well.
Select Datasets in the left navigation, then select the name of the dataset you want to apply labels to. You can optionally use the search field to narrow down the list of displayed datasets.
The details view for the dataset appears. Select the Data governance tab to view a list of the dataset’s fields and any labels that have already been applied to them. Select the pencil icon to edit the datasets labels.
The Edit governance labels dialog appears. Select the appropriate governance label and select Save.
Select Schemas in the left navigation, then select the schema that you want to add labels to from the list.
If you are not sure which schema applies to a particular dataset, select Datasets in the left navigation, then select the link under the Schema column for the desired dataset. Select the schema name in the popover that appears to open the schema in the Schema Editor.
The schema’s structure appears in the Schema Editor. From here, select the Labels tab to show a list view of the schema’s fields and the labels that have already been applied to them. Select the checkboxes next to the fields that you want to add labels to, then select Apply access and data governance labels in the right rail.
If you want to add labels to all fields in the schema, select the pencil icon on the top row.
The Apply access and data governance labels dialog appears. Select the labels that you want to apply to the chosen schema field. When finished, select Save.
Continue following the above steps to apply labels to different fields (or different schemas) as needed. When finished, you can continue to the next step of enabling data governance policies.
Select Dataset in the left navigation, then select the name of the dataset you want to migrate labels from. You can optionally use the search field to narrow down the list of displayed datasets.
The details view for the dataset appears. Select the Data governance tab to view a list of the dataset’s fields and any labels that have already been applied to them. Select the cancel icon next to any label that you want to remove from a field. A confirmation dialog appears, select Remove label to confirm your choices.
After you have removed the label from your dataset field, navigate to the Schema Editor to add the label to the schema. Instructions on how to do this, can be found in the section on applying labels to a schema.
You can select the schema name in the right rail, followed by the link in the dialog that appears to navigate to the appropriate schema.
After you have migrated the necessary labels, ensure that you have the correct data governance policies enabled.
After you have applied labels to your schemas and/or datasets, you can create data governance policies that restrict the marketing actions that certain labels can be used for.
Select Policies in the left navigation to view a list of core policies defined by Adobe, as well as any custom policies previously created by your organization.
Each core label has an associated core policy that, when enabled, enforces the appropriate activation constraints on any data that contains that label. To enable a core policy, select it from the list, then select the Policy status toggle to Enabled.
If the available core policies do not cover all of your use cases (such as when you’re employing custom labels that you’ve defined under your organization), you can define a custom policy instead. From the Policies workspace, select Create policy.
A popover appears, prompting you to select the type of policy you want to create. Select Data governance policy, then select Continue.
On the next screen, provide a Name and optional Description for the policy. In the table below, select the labels that you want this policy to check for. In other words, these are the labels that the policy will prevent from being used for the marketing action(s) you specify in the next step.
If you select multiple labels, you can use the options in the right rail to determine whether all labels must be present in order for the policy to enforce usage restrictions, or if only one of the labels needs to be present. When finished, select Next.
On the next screen, select the marketing actions that this policy will restrict the previously selected labels from being used for. Select Next to continue.
The final screen shows a summary of the policy’s details and the actions it will restrict for which labels. Select Finish to create the policy.
The policy is created, but is set to Disabled by default. Select the policy from the list and set the Policy status toggle to Enabled to enable the policy.
Continue following the steps above to create and enable the policies you require before moving on to the next step.
In order for your enabled policies to accurately determine what data can be activated to a destination, you must assign specific marketing actions to that destination.
For example, consider an enabled policy that prevents any data containing a C2
label from being used for the marketing action “Export to Third Party”. When activating data to a destination, the policy checks what marketing actions are present on the destination. If “Export to Third Party” is present, attempting to activate data with a C2
label results in a policy violation. If “Export to Third Party” is not present, the policy is not enforced for the destination and data with C2
labels can be freely activated.
When connecting a destination in the UI, the Governance step in the workflow allows you to select the marketing actions that apply to this destination, which ultimately determine which data governance policies are enforced for the destination.
Once you have labeled your data, enabled data governance policies, and assigned marketing actions to your destinations, you can test whether your policies are being enforced as expected.
If you set things up correctly, when you attempt to activate data that is restricted by your policies, the activation is automatically denied and a policy violation message appears, outlining detailed data lineage information about what caused the violation.
See the document on automatic policy enforcement for details on how to interpret policy violation messages.
This guide covered the required steps for configuring and enforcing data governance policies in your activation workflows. For more detailed information on the Data Governance components involved in this guide, refer to the following documentation: