Object Side Panel

New
  • Published on Sep 14, 2025
  • 3 minute(s) read
Prev Next

Orchestration Workspaces provide a centralized view of all discovered vendor objects, including tables, views, and tags. "These objects are discovered in PlainID and used as building blocks for defining Policy logic and applying masking.

For Tables and Views, a dedicated Object Panel is available, allowing you to view their current usage in Policies, configure and manage them as Identity Sources, and define how their columns are applied in masking Policies.

Within this Panel, you can:

  • Define whether a table or view is used as an Identity Source.
  • Configure correlation for an Identity Source.
  • Specify which objects should be available for Policies.
  • Specify which columns should be available for masking Policies.

In Learn Mode, the Object Panel is read-only and reflects the state of objects in the vendor tenant:

  • If a table or view is defined as an Identity Information Source, the toggle “Is the table used as an Identity Information Source?” is turned On, and all columns are marked as available for use in Policies.
  • Only columns already used in masking Policies are shown as selected and can be protected in those Policies.

Managing Objects in the Object Side Panel

In Manage Mode, you can configure and control tables and views. Any modifications to table, view, or tag structures (CRUD operations) must be performed in the vendor tenant.

Managing Identity Source Tables

Adding or Updating Identity Source Tables and Attributes

An additional Identity Source table or view contains user-related data that enriches contextual decision-making. By including attributes (columns) such as department or location, organizations can create more dynamic Rulesets and Conditions to strengthen Policy logic.

To add a table as an Identity Source:

  1. Open your Orchestration Workspace.
  2. Select a POP that is in Manage Mode. To switch between modes, see Managing POPs.
  3. On the top-right, click Objects.
  4. Select the relevant object. The Object Panel opens.
  5. Turn On the toggle “Is the table used as an Identity Information Source?”.
  6. Define the correlation by selecting the column used for the correlation condition.

The correlation rule must compare an Attribute with a Snowflake identity function (for example, CURRENT_USER() = username). Once a correlation rule is defined, the Attribute is automatically marked as Used in Policies and created as an Identity Attribute in the Identity Workspace.

  1. Select which columns to mask (optional). See Managing Columns for Masking for more information.
  2. Select the columns to make available for Policies.

PlainID supports the creation of Identity Attributes only with the following data types: varchar, string, number, or numeric.

  1. Click Saved. The table is added to the Identity Workspace as a source Attribute, and the selected columns are added as Identity Attributes.
Using the Identity Source

To use an Identity Information Source in a Policy, ensure you have SELECT permissions on the Tables or Views according to the vendor requirements.

Note: If an Identity Source table has columns that are modified in the vendor schema to be used in Policies, or if the correlation is changed, all objects revert to the default state of Use in Policies enabled. Ensure to review these objects after updating your tables.

Removing Identity Source Tables and Attributes

To remove a table as an Identity Source:

  1. Open your Orchestration Workspace.
  2. Select a POP that is in Manage Mode.
  3. On the top-right, click Objects.
  4. Select the relevant object. The Object Panel opens.
  5. Turn Off the toggle “Is the table used as an Identity Information Source?”.
  6. Click Save. When the toggle is turned off, all Identity Attributes derived from this table are removed from the Identity Workspace, and any Policies using these Attributes will show a mapping inconsistency indication, alerting you that the Policy is invalid.

Managing Columns for Masking

Masking Policies dynamically mask the data returned in a column of an object (such as a table or view) at query time. This enables organizations to control access to specific table columns. PlainID allows you to define and control which columns should be protected.
Columns can be masked regardless if the Table is used an as Identity Information source.

To configure columns for masking:

  1. Open your Orchestration Workspace.
  2. Select a POP that is in Manage Mode. To switch between modes, see Managing POPs.
  3. On the top-right, click Objects.
  4. Select the relevant object. The Object Panel opens.
  5. Enable or disable the desired columns under Use in Masking.
  6. Click Save. The selected columns are then added to the Authorization Workspace under the Columns asset type and are available to be protected in masking Policies.

image.png

The Objects Side Panel provides a flexible way to align vendor data structures with Policy-based authorization in the Platform. You can either observe the vendor state or actively configure Identity Sources and masking columns, ensuring that Policies remain consistent, accurate, and effective.