Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.zeotap.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Access Rules give org admins precise control over which data sources, attributes, and destinations are available within specific folders. Rather than making every connected source and destination available to everyone in the org, admins can define exactly what each team can access and where. Access Rules are the third layer in Zeotap’s governance model, building on Folder Access Control and Mandatory Templates. Configuration lives where the workflow happens — see Source Access Rules to restrict sources and attributes, and Destination Access Rules to restrict destinations.

How Access Rules Fit Into Your Governance Model

Before diving into configuration, it helps to understand where Access Rules sit in relation to the other governance features:
LayerFeatureWhat It Controls
1Folder Access ControlWhich folders each team can see and work in
2Mandatory TemplatesWhat row-level conditions apply to every audience in a folder
3Access RulesWhich sources, attributes, and destinations each folder can use
Together, these three layers let you build a governance structure that matches how your org actually operates — different teams, different data access, different activation rights — all within a single CDP workspace.

Key Concepts

  1. Access Rules work on a blocklist basis. Every source and destination is available across all folders by default. Admins restrict access by explicitly blocking a source, a set of attributes, or a destination from specific folders. Everything not explicitly blocked remains accessible.
  2. Folder-level rules. Rules are applied at the folder level. A rule set on a parent folder automatically propagates to all its subfolders, so governance coverage is consistent without requiring repetitive configuration.
  3. No disruption to existing work. When a rule is applied to a folder that contains existing audiences or journeys using the now-restricted source, attribute, or destination, those audiences and journeys continue running without interruption. They are flagged for review, but not stopped. Teams must resolve the conflict before publishing any future changes to affected audiences or journeys.

Folder Movement and Access Rules

When a folder is moved within the folder hierarchy, its permissions update to match those of its new parent folder. This applies in both directions — a restricted subfolder moved into an unrestricted parent loses its restrictions, and an unrestricted subfolder moved into a restricted parent inherits those restrictions.

Who Can Configure Access Rules

The following built-in roles can configure Access Rules:
  • CDP Admin
  • CDP Manager
  • Integrations Admin
  • Integrations Manager
Alternatively, admins can create a custom role and assign the view/edit access rules permissions to it from the My Roles page in the Admin section.

Configure Access Rules

For step-by-step configuration, including UI screenshots and impact warnings, see the page that matches what you’re restricting:
Last modified on May 12, 2026