Access Control for System Datasets

System datasets support fine-grained access control that combines permissions and policies. This lets you manage dataset visibility and edit rights with precision.

Understanding access layers

Permissions define global access per resource type, whereas policies refine access at the resource level. Thus, global permissions may define that a user has read access to datasets generally, but a policy denying read access to a particular dataset may override this. Or, global permissions may define that a user has read and write access to datasets generally, but a specific policy may extend these permissions, granting read, overwrite, and append access to a particular dataset.

When you enable a policy on a dataset for the first time, a default access policy is created based on the dataset type and ownership. These defaults preserve existing behavior for system datasets.

What you need

To create or edit a policy for a dataset, you must have all of the necessary permissions.

Creating an access policy for a dataset

In the Dataset Management page, click and choose Edit dataset. The edit drawer opens with metadata, storage, and access control fields.

Enable access policy

Enable policy creation by toggling the switch. This turns the policy on for the specific dataset.

Define allowed and default actions

The default rule sets the baseline for all users who have the relevant permissions for this entity type. You can override this baseline later for specific groups using exception rules.

Allowed actions

First, select None or Enabled:

None: No one can take actions on the dataset except the policy creator.
Enabled: Choose the baseline actions to allow for others (for example, readData). Available actions differ by resource type. Selecting all permitted actions effectively mirrors the global permissions behavior.

Default actions

Choose the allowed actions for both the dataset and the policy itself:

Resource actions: Control what users can do with the entity (e.g, readData, overwriteData, and appendData).
- readData: View and query the dataset.
- overwriteData: Modify or delete existing data.
- appendData: Add new data.
Policy actions (ReadAccessPolicy and ManageAccessPolicy): Control who can view or edit the policy configuration itself.

Add exception rules

Use exception rules to adjust access for specific groups relative to the default. Select a target group and specify the allowed actions for that group. Add multiple rules as needed.

For example:

If the default is Enabled → Read, you can add an exception to grant a group overwriteData.
If the default is None, you can add an exception to grant a group readData and/or overwriteData.
To block a specific group when the default allows access, add an exception for that group with the allowed actions set to None.

Restrict access to specific subsets of a dataset

Attach a DPXL expression to scope what data is accessible within an exception rule. This lets you restrict access to specific subsets of the dataset.

System dataset defaults

System datasets are predefined by Coralogix and automatically marked as Restricted. Each has a default access policy to prevent accidental exposure of sensitive operational data.

These datasets are readable only by owners and users who are explicitly added through policy rules.

Save your changes

Select Save to activate the policy. The dataset’s access control behavior now follows the configured rules.

Example: Restrict a dataset to an admin team

Open the alerts.history dataset in Dataset Management.
Set the default rule to None.
Add a rule for the platform-admin group with readData.
Add a DPXL query: <v1> region_id:string.in('us-east-1', 'us-west-2')

Policy result: The alerts.history dataset is not accessible, with the exception of platform administrators who have read access to data from regions us-east-1 and us-west-2.

Permissions

To create or edit a policy for an entity, the following requirements must be met cumulatively.

Global resource permissions

You must have permissions that grant you visibility and management of datasets, found in the data engine preset.
Dataset type Action Description Permission
System View system datasets configuration Access the dataspace System screen and view system datasets configuration and status SYSTEM-DATASETS:READCONFIG
System Manage system datasets Enable or disable write options for specific system datasets SYSTEM-DATASETS:MANAGE

Resource actions

To read, append, or overwrite system datasets, you must have the following permissions. These permissions may be granted to others in Allowed actions.
Dataset type Action Description Permission
System Read data from system datasets Read data from any system dataset SYSTEM-DATASETS:READDATA
System Add new data to system datasets Append new data to an existing system dataset SYSTEM-DATASETS:APPENDDATA
System Replace system dataset content Overwrite data in a specific system dataset SYSTEM-DATASETS:OVERWRITEDATA

Policy actions

In addition to controlling who can access the dataset, policy creators may grant others the ability to view or manage the policy itself in Allowed actions.
Dataset type Action Description Permission
System Read system dataset access policy Open a system dataset modal and view its access rule and exception rule SYSTEM-DATASETS:READACCESSPOLICY
System Update system dataset access policy Open a system dataset modal and manage its access rule and exception rule SYSTEM-DATASETS:UPDATEACCESSPOLICY

These actions determine who can see or modify the policy configuration. If no policy administration rule is defined, only the policy creator/updater can view or update the policy.

Target group permissions

To select and view target groups when building a policy, you need the following permissions:
Action Description Required permission
View target group summary Select and view target groups based on summary data when building a policy. team-groups:ReadSummary
View target group config Select and view full target group configuration when building a policy. team-groups:ReadConfig

Learn more

Previous Overview

Next Overview

Dataset type	Action	Description	Permission
System	View system datasets configuration	Access the dataspace System screen and view system datasets configuration and status	`SYSTEM-DATASETS:READCONFIG`
System	Manage system datasets	Enable or disable write options for specific system datasets	`SYSTEM-DATASETS:MANAGE`

Dataset type	Action	Description	Permission
System	Read data from system datasets	Read data from any system dataset	`SYSTEM-DATASETS:READDATA`
System	Add new data to system datasets	Append new data to an existing system dataset	`SYSTEM-DATASETS:APPENDDATA`
System	Replace system dataset content	Overwrite data in a specific system dataset	`SYSTEM-DATASETS:OVERWRITEDATA`

Dataset type	Action	Description	Permission
System	Read system dataset access policy	Open a system dataset modal and view its access rule and exception rule	`SYSTEM-DATASETS:READACCESSPOLICY`
System	Update system dataset access policy	Open a system dataset modal and manage its access rule and exception rule	`SYSTEM-DATASETS:UPDATEACCESSPOLICY`

Action	Description	Required permission
View target group summary	Select and view target groups based on summary data when building a policy.	`team-groups:ReadSummary`
View target group config	Select and view full target group configuration when building a policy.	`team-groups:ReadConfig`