Example: restrict sync editing

Let's consider this scenario:

  1. We have two Bulk Syncs going to Databricks: one from Salesforce and the other from NetSuite SuiteAnalytics.
  2. The NetSuite sync was created by the Admin role.
  3. The Admin would like to extend editing permissions of this NetSuite sync to one other role.

This tutorial will define a custom role and policy to cover this use case. Throughout the steps below, ensure that your role is Admin:

  1. Go to Roles and create a role with your chosen name (for example: NetSuite Sync Editor).
  2. Now that we have created a role, we will create a custom security policy. Go to Access control and click Create policy:

     1. Give your policy a name (for example: NetSuite sync policy).

     2. Map its attributes to these corresponding roles:

        - apply_policy: Admin
        - create: Admin
        - delete: Admin
        - edit: Admin and NetSuite Sync Editor.
        - export: can leave blank.
        - modify_policy: Admin
        - query: can leave blank.
        - sync_to: can leave blank.
        - trigger: Admin and NetSuite Sync Editor.

  3. Attach this policy to your NetSuite Bulk Sync.
  4. Remove the default Bulk Syncs policy, since we want the NetSuite sync policy to be the only one on this sync.

Per the steps above, only the Admin and NetSuite Sync Editor roles will be allowed to edit this NetSuite sync.
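
The following is an added example, not code from the product or its documentation: a small local model of the policy table above that shows why the last step matters. It assumes a role may perform an action if any policy attached to the sync grants it; the contents of the default Bulk Syncs policy and the `Member` role are constructed placeholders, since this page does not list them.

```python
# Added example: a local model of the tutorial's policy, not vendor code.
ACTIONS = ["apply_policy", "create", "delete", "edit", "export",
           "modify_policy", "query", "sync_to", "trigger"]

# The action-to-role mapping from the tutorial; blank attributes are empty sets.
NETSUITE_SYNC_POLICY = {
    "apply_policy": {"Admin"},
    "create": {"Admin"},
    "delete": {"Admin"},
    "edit": {"Admin", "NetSuite Sync Editor"},
    "export": set(),
    "modify_policy": {"Admin"},
    "query": set(),
    "sync_to": set(),
    "trigger": {"Admin", "NetSuite Sync Editor"},
}

# Constructed stand-in: the real default policy's contents are not on this page,
# and "Member" is a hypothetical role used only for illustration.
DEFAULT_BULK_SYNCS_POLICY = {
    "edit": {"Admin", "Member"},
    "trigger": {"Admin", "Member"},
}


def effective_roles(attached_policies, action):
    """Roles allowed to perform `action` on an object.

    ASSUMPTION: grants are additive, so a role is allowed if any attached
    policy lists it for the action.
    """
    roles = set()
    for policy in attached_policies:
        roles |= policy.get(action, set())
    return roles


def excess_grants(attached_policies, intended_policy):
    """Return {action: roles} granted beyond what the intended policy allows."""
    findings = {}
    for action in ACTIONS:
        allowed = intended_policy.get(action, set())
        extra = effective_roles(attached_policies, action) - allowed
        if extra:
            findings[action] = extra
    return findings


if __name__ == "__main__":
    both = [NETSUITE_SYNC_POLICY, DEFAULT_BULK_SYNCS_POLICY]
    print("default still attached:", excess_grants(both, NETSUITE_SYNC_POLICY))
    print("default removed:", excess_grants([NETSUITE_SYNC_POLICY], NETSUITE_SYNC_POLICY))
```

Under the additive assumption, leaving the default policy attached widens `edit` and `trigger` beyond the two intended roles, while the custom policy on its own produces no excess grants.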