# About Access Control and Data Governance Treasure Data's solutions for access control and data governance provide customers with the ability to limit access to TD, its objects, and data while allowing them to annotate TD objects, using custom tags, according to their business requirements. ## Access Control Access control is the selective restriction of access to Treasure Data, its objects, and data. Permission to access a resource is called *authorization*. Access control settings are managed from within TD Console > Control Panel. Account owners and administrators have additional control over access to resources and capabilities. Treasure Data provides the following access control features: * [Users](/products/control-panel/security/users) - Manage user accounts, roles, and delegated groups. * [Policies](/products/control-panel/security/policies) - Create and apply permission policies for databases, workflows, Audience Studio, and more. * [IP Allowlist](/products/control-panel/security/ip-allowlist/about-ip-allowlist) - Restrict access by IP address at the account, user, or API key level. * [Sign-in Settings](/products/control-panel/security/sign-in-settings/define-sign-in-settings) - Configure password policies, SSO, and session timeouts. * [Audit Logs](/products/control-panel/security/auditlogs/audit-logs) - Track and monitor user activity and system events. * [Private Connect](/products/control-panel/security/about-private-connect) - Establish private network connectivity to Treasure Data. * [Accessing REST APIs](/products/control-panel/security/accessing-rest-apis) - Manage API keys for programmatic access. ## Data Governance Treasure Data's data governance solution provides customers with an intuitive interface to build data catalogs by labeling practices. Customers can create custom tags and annotate Treasure Data objects according to their business requirements, for example labeling sensitive data such as PII. The TD administrator can manage tags and monitor the usage of every tag across datasets in one centralized place. Data discovery can also be achieved through tagging and filtering, allowing users to browse the databases and tables using existing tags. With column tags in place, administrators can implement access control by writing tag-based policies and automatically applying controls to datasets at the fine-grained level. The policy gives the ability to implement dynamic data masking and blocking access to protect data from unauthorized access of sensitive data according to the tag (e.g., sensitive data or personally identifiable information, such as credit card numbers). Treasure Data data governance overview showing data unification and classification as the foundation of trusted data ### Data Unification and Classification Treasure Data addresses data unification and classification with the Tags feature. The solution includes the following: * Creating tags * Attaching the tags to columns. * Creating policies to enforce column access. Learn more about: * [About Tags](/products/control-panel/security/tag-management/about-tags) - Create and manage tags for data classification and access control. * [About Column-level Access Control](/products/control-panel/security/tag-management/about-column-level-access-control) - Restrict column access using tags and policies with dynamic data masking. * [Implementing Column-level Access Control](/products/control-panel/security/tag-management/implementing-column-level-access-control) - Step-by-step guide to set up column-level access control. * [Annotated Schema APIs for Data Classification](/products/control-panel/security/tag-management/annotated-schema-apis-for-data-classification) - Programmatically manage column annotations and tags via REST API.