# Domains

The "Domain Security" allows administrators to manage data domains within the organization.

* **Domain Creation:** Only the "Domain Creator" role can establish new domains, including assigning governance and steward/custodian/owner roles.
* **Domain Management:** Administrators can update configurations, assign roles, and define access controls for existing domains (who can view/edit terms).

  <figure><img src="https://1813356899-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhTnkoJQml0pok9awFDhx%2Fuploads%2F0PugHFXVpyXIuEetZLpO%2FSecDom.png?alt=media&#x26;token=3ea935bd-752f-4938-911d-6e973a4fa36e" alt=""><figcaption></figcaption></figure>
* Once a domain is created, the SGA of the corresponding domain and OE\_ADMIN have permission to perform the following actions through the security settings:
* **My Watchlist:** Add/Remove Domains: Manage domain inclusions in their watchlists and user watchlists (if users have read access to the domain).
* **Access Permissions (Metadata & Data):** Add, modify, or delete metadata and data access permissions for roles and users within the domain.
* **Governance Roles:** Manage governance roles for the domain, including adding, editing, and deleting them.
* **Cascade Governance Roles:** Apply governance roles to all categories & subcategories within the domain (SGA and default Role Admin).
* **Delete Role Access:** Remove access permissions assigned to roles (individually or in bulk).
* **Domain Configurations:**
  * **Classifications:** Configure data classifications for the domain.
  * **Categories:** Manage categories and subcategories within the domain.
  * **Default Data Associations:** Set default preferences for copying titles, descriptions, masking data, restricting access, and showing classifications in the catalog (applied to all terms in the domain).