Metadata enforcement rules for subscription requests
The metadata enforcement rules for subscription requests feature in Amazon DataZone strengthens data governance by enabling domain unit owners to establish clear metadata requirements for data consumers, which streamlines access requests. This feature helps organizations align with their own metadata standards, implement custom workflows, and provide a consistent, governed data access experience.
The feature is supported in all the AWS commercial Regions where Amazon DataZone is currently available.
Domain unit owners can complete the following procedure to configure metadata enforcement in Amazon DataZone:
- Navigate to the Amazon DataZone data portal using the data portal URL and log in using your SSO or AWS credentials. If you’re an Amazon DataZone administrator, you can obtain the data portal URL by accessing the Amazon DataZone console at https://console.aws.amazon.com/datazone in the AWS account where the Amazon DataZone domain was created.
- Choose View domains, navigate to the Domain units tab and choose the domain unit that you want to work with.
- Choose the Rules tab and then choose Add.
- In the Name field, provide the name for the metadata form rule.
- Choose Add metadata form, then choose a metadata form within the domain / domain unit that you want to add to this rule, and then choose Add. You can add more than one metadata form.
- For rule scope, specify whether the rule applies across all asset types or limit it to specific asset types. Also, choose whether the rule applies to a specific project or all projects within the domain. Once the scope is defined, choose Add Rule.
Note
While defining the rule scope, if you choose to apply the rule to all projects within the domain and you select the Cascade rule to child domain units option, metadata enforcement is enabled across child domains, with optional permissions allowing child domains to override the parent domain’s enforced forms.
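The scope and cascade options above decide which metadata forms a given subscription request must carry. The following added example (not AWS code and not the DataZone API) models that evaluation so a governance team can check coverage offline. Assumptions: rules are looked up on the domain unit that governs the requested asset, child-domain override permissions are not modeled, and all unit, project, form and asset type names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed domain-unit tree (child -> parent); every name below is hypothetical.
PARENT = {"root": None, "finance": "root", "finance-emea": "finance", "marketing": "root"}

@dataclass(frozen=True)
class Rule:
    name: str
    domain_unit: str                          # unit the rule was added to
    forms: frozenset                          # metadata forms the rule requires
    asset_types: Optional[frozenset] = None   # None means all asset types
    projects: Optional[frozenset] = None      # None means all projects
    cascade: bool = False                     # "Cascade rule to child domain units"

    def __post_init__(self):
        # Assumption drawn from the Note: cascading goes with the all-projects scope.
        if self.cascade and self.projects is not None:
            raise ValueError(f"{self.name}: cascade requires the all-projects scope")

def applicable(rules, unit):
    """Yield rules set on the unit itself plus cascading rules set on its ancestors."""
    node, own = unit, True
    while node is not None:
        for r in rules:
            if r.domain_unit == node and (own or r.cascade):
                yield r
        node, own = PARENT[node], False

def required_forms(rules, unit, project, asset_type):
    """Forms a subscription request must carry for this unit, project and asset type."""
    needed = set()
    for r in applicable(rules, unit):
        in_types = r.asset_types is None or asset_type in r.asset_types
        in_projects = r.projects is None or project in r.projects
        if in_types and in_projects:
            needed |= r.forms
    return needed

def uncovered_units(rules):
    """Units with no applicable rule that covers every project and asset type."""
    return sorted(u for u in PARENT
                  if not any(r.asset_types is None and r.projects is None
                             for r in applicable(rules, u)))

# Constructed sample rules.
RULES = [
    Rule("purpose", "finance", frozenset({"DataUsePurpose"}), cascade=True),
    Rule("pii", "finance-emea", frozenset({"PiiAck"}), asset_types=frozenset({"GlueTable"})),
    Rule("campaign", "marketing", frozenset({"CampaignRef"}), projects=frozenset({"proj-ads"})),
]
```

Units returned by `uncovered_units` are the ones where a narrowly scoped rule, or no rule at all, leaves some requests without enforced metadata.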
Once metadata enforcement is configured, data consumers can complete the following procedure to request access:
- Navigate to the Amazon DataZone data portal using the data portal URL and log in using your SSO or AWS credentials. If you’re an Amazon DataZone administrator, you can obtain the data portal URL by accessing the Amazon DataZone console at https://console.aws.amazon.com/datazone in the AWS account where the Amazon DataZone domain was created.
- Use the search bar to search for and choose the asset to which you want to subscribe, and then choose Subscribe.
- In the Subscribe pop-up window, provide the following information:
  - The project that you want to subscribe to the asset.
  - A short justification for your subscription request.
  - Complete Required Metadata: specify the required metadata fields as specified by the domain unit. If mandatory fields are incomplete, they are highlighted, and submission is disabled until resolved. Once all the mandatory fields are entered, select Apply.
- Select Request to submit the subscription request. After submitting, an event is generated in EventBridge, which can be used in custom workflows outside of Amazon DataZone as needed. You receive a notification in the data portal when the publisher approves your request.
Data producers can complete the following procedure to approve the subscription request:
To approve or reject a subscription request
- Navigate to the Amazon DataZone data portal URL and sign in using single sign-on (SSO) or your AWS credentials. If you’re an Amazon DataZone administrator, you can navigate to the Amazon DataZone console at https://console.aws.amazon.com/datazone and sign in with the AWS account where the domain was created, then choose Open data portal.
- In the data portal, choose Browse projects list and select the project that contains the asset with the subscription request.
- Navigate to the Data tab, then choose Incoming requests from the left navigation pane.
- Locate the request and choose View request. You can filter by Pending to see only requests that are still open.
- Review the subscription request and reason for access, and decide whether to approve or reject it.
  Data producers can review the provided metadata, including document links and account IDs, to determine if the request meets compliance and workflow requirements before granting access.
- To approve, select between the two options:
  - Full access: If you choose to approve the subscription with the full access option, the subscriber will get access to all the rows and columns in your data asset.
  - Approve with row and column filters: To limit access to specific rows and columns of data, you can choose the option to approve with row and column filters. For more information, see Fine-grained access control to data in Amazon DataZone.
    - Select Choose filters, and then from the drop-down select one or more available filters you want to apply to the subscription.
    - To create a new filter, choose the Create new filter option, which opens a new page to create a new row or column filter. For more information, see Create column filters in Amazon DataZone and Create row filters in Amazon DataZone.
- (Optional) Enter a response that explains your reason for accepting or rejecting the request.
- Choose either Approve.