Properties

Properties represent different websites, native apps, or other digital surfaces that your organization operates. Each property can have its own privacy center, consent banners, and data subject request forms, customized with your specific branding and messaging.

The same properties you configure for consent management are also used for Data Subject Request (DSR) dataset filtering. There is no need to create separate properties -- a single property entity serves both purposes. When a privacy request includes a property_id, Fides filters the dataset graph to include only the datasets relevant to that property, reducing scope, cost, and risk.

Assigning properties to datasets

To control which datasets Fides processes for each property, assign property IDs to your datasets. This creates a mapping between your digital surfaces and the data stores that support them.

Dataset property assignment is currently available via the API only. There is no Admin UI for this operation.

Bulk assign (recommended)

Use the bulk assignment endpoint to assign properties to one or more datasets at once. This is additive -- it merges with any existing property assignments.

The dataset_config_ids field accepts either the dataset configuration record IDs (UUIDs) or the fides_key for each dataset. You can find these identifiers by querying GET /api/v1/connection/{connection_key}/datasetconfig.

POST /api/v1/plus/dataset-properties/bulk-assign
 
{
    "dataset_config_ids": ["d5f1a2b3-c4e5-6789-abcd-ef0123456789"],
    "property_ids": ["FDS-ABC123"]
}

To assign multiple properties to multiple datasets in a single call:

POST /api/v1/plus/dataset-properties/bulk-assign
 
{
    "dataset_config_ids": [
        "d5f1a2b3-c4e5-6789-abcd-ef0123456789",
        "a1b2c3d4-e5f6-7890-abcd-ef0123456789"
    ],
    "property_ids": ["FDS-ABC123", "FDS-DEF456"]
}

Fides validates that all property IDs exist before saving. The response shows the updated property assignments for each dataset, with any validation failures reported separately:

{
    "succeeded": [
        {"fides_key": "my_postgres_dataset", "property_ids": ["FDS-ABC123"]},
        {"fides_key": "my_mysql_dataset", "property_ids": ["FDS-ABC123", "FDS-DEF456"]}
    ],
    "failed": []
}

Bulk remove

To remove property assignments, use the bulk removal endpoint:

POST /api/v1/plus/dataset-properties/bulk-remove
 
{
    "dataset_config_ids": ["d5f1a2b3-c4e5-6789-abcd-ef0123456789"],
    "property_ids": ["FDS-ABC123"]
}

This is idempotent -- no error is raised if the property was not previously assigned.

Single dataset update

You can also include property_ids when creating or updating a single dataset configuration:

PATCH /api/v1/connection/{connection_key}/datasetconfig
 
[{
    "fides_key": "my_postgres_dataset",
    "ctl_dataset_fides_key": "my_postgres_dataset",
    "property_ids": ["FDS-ABC123"]
}]

The single dataset endpoint sets property_ids to exactly the value you provide (it does not merge). To add a property without removing existing ones, use the bulk assign endpoint instead.

Universal datasets

Datasets with an empty property_ids array (or null) are treated as universal. Universal datasets are included in every privacy request, regardless of the property_id specified. This is useful for shared data stores that serve all properties, such as a central customer database.

See the dataset annotation reference for the full list of dataset configuration fields, including property_ids.

Property-based privacy request filtering

When a privacy request includes a property_id, Fides filters the Directed Acyclic Graph (DAG) used for request execution. Only datasets tagged with the matching property (plus universal datasets) are traversed, while unrelated datasets are excluded entirely.

This filtering reduces the scope of each request, which:

Lowers processing time and infrastructure cost
Limits data exposure to only the relevant data stores
Prevents unnecessary queries against unrelated systems

Privacy Center (automatic)

When a Privacy Center is deployed for a specific property, it automatically includes the property_id in every privacy request submission. The Privacy Center resolves its property from the Fides API on each page load and attaches the ID transparently to all requests submitted through it.

This means end users submitting requests through the Privacy Center do not need to know or provide a property ID. The filtering happens behind the scenes based on which Privacy Center they use.

Programmatic API requests

For direct API integrations (outside the Privacy Center), include the property_id field in the POST /api/v1/privacy-request body:

POST /api/v1/privacy-request
[{
    "identity": {"email": "user@example.com"},
    "policy_key": "default_access_policy",
    "property_id": "FDS-ABC123"
}]

Fides validates the request at submission time. If no datasets match the given property_id (and no universal datasets exist), the request is rejected immediately with a descriptive error message.

Behavior reference

The following table describes how Fides handles different combinations of property assignment and request parameters:

Scenario	Behavior
Request without `property_id`	All datasets are traversed. No filtering is applied. No "Dataset filtering" entry appears in execution logs.
Request with `property_id`, matching datasets exist	Only matching datasets and universal datasets are traversed. Excluded datasets are skipped. A "Dataset filtering" execution log entry shows retained and excluded datasets.
Request with `property_id`, no matching datasets	Request is rejected at submission with: "No datasets are configured for property_id '...'. At least one dataset must match or be universal (no property_ids) to process this request."
Dataset with empty `property_ids`	Treated as universal. Included in all requests regardless of `property_id`.
Dataset with one or more `property_ids`	Only included when the request's `property_id` matches one of the assigned IDs.

Bridge datasets

In some cases, an in-scope dataset has no identity field (such as email) and can only be reached through foreign key (FK) relationships that pass through an out-of-scope dataset. Fides automatically detects these situations and promotes the out-of-scope dataset to a bridge role.

Bridge datasets are marked as TRAVERSAL_ONLY:

Fides queries them to cache FK values needed to reach downstream in-scope datasets.
Bridge dataset data is not included in the access report sent to the data subject.
Bridge dataset data is not masked during erasure processing.

This ensures that in-scope datasets remain reachable without exposing unrelated data.

Execution logs

When property filtering is active, Fides writes a "Dataset filtering" entry to the privacy request execution log. This entry shows:

The property_id used for filtering
The number of datasets retained vs. excluded
The names of excluded datasets

Use these logs to verify that filtering is working as expected for your configuration.

Configuration

Property-based dataset filtering is controlled by a feature flag:

Variable	Default	Description
`FIDESPLUS__DSR_PROPERTY_FILTERING__ENABLED`	`true`	When `true`, Fides filters datasets based on the `property_id` in privacy requests. When `false`, all datasets are traversed regardless of property assignment.

Set this variable in your environment configuration or .env file. A container restart is required for changes to take effect.

Property-based dataset filtering requires Fides Enterprise. For more information, talk to our solutions team.

Pre Approval Webhooks Privacy Center