diff --git a/docs/guides/repo_level_policy.md b/docs/guides/repo_level_policy.md
index bbd21d10..9c497537 100644
--- a/docs/guides/repo_level_policy.md
+++ b/docs/guides/repo_level_policy.md
@@ -110,42 +110,6 @@ resource "cyral_rego_policy_instance" "policy" {
}
```
-## Example: dataset protection
-
--> **Note** The Dataset Protection policy template is only enabled by default in control planes
-`v4.13` and later. If you have a previous version, please reach out to our customer success
-team to enable it.
-
-Restrict access to specific tables or schemas in the data repositories:
-
-```terraform
-# Creates pg data repository
-resource "cyral_repository" "pg1" {
- type = "postgresql"
- name = "pg-1"
-
- repo_node {
- host = "pg.cyral.com"
- port = 5432
- }
-}
-
-# Creates a policy instance from template to raise a 'high' alert
-# and block updates and reads on schema 'finance' and dataset
-# 'cyral.customers'
-resource "cyral_rego_policy_instance" "policy" {
- name = "dataset-protection"
- category = "SECURITY"
- description = "Raise a 'high' alert and block updates and reads on schema 'finance' and dataset 'cyral.customers'"
- template_id = "dataset-protection"
- parameters = "{ \"block\": true, \"alertSeverity\": \"high\", \"monitorUpdates\": true, \"monitorReads\": true, \"datasets\": {\"disallowed\": [\"finance.*\", \"cyral.customers\"]}}"
- enabled = true
- scope {
- repo_ids = [cyral_repository.pg1.id]
- }
-}
-```
-
## Example: rate limit
Set up a threshold on sensitive data reads over time:
diff --git a/docs/resources/rego_policy_instance.md b/docs/resources/rego_policy_instance.md
index 2629fab2..6d14d2e7 100644
--- a/docs/resources/rego_policy_instance.md
+++ b/docs/resources/rego_policy_instance.md
@@ -151,22 +151,6 @@ All templates use parameters defined as JSON, below is a list of all the corresp
- `includedIdentities` (Object) Identities that cannot see restricted records. See [identityList](#objects--identityList).
- `includedDbAccounts` (Array) Database accounts cannot see restricted records.
-### Dataset Protection (dataset-protection)
-
-- `block` (Boolean) Policy action to enforce.
-- `monitorReads` (Boolean) Monitor read operations.
-- `monitorUpdates` (Boolean) Monitor update operations.
-- `monitorDeletes` (Boolean) Monitor delete operations.
-- `monitorInserts` (Boolean) Monitor insert operations.
-- `monitorAlters` (Boolean) Monitor alters operations.
-- `monitorDrops` (Boolean) Monitor drops operations.
-- `monitorDumps` (Boolean) Monitor dump operations.
-- `tags` (Array) Tags.
-- `datasets` (Object) Datasets associated to the policy. See [datasets](#objects--datasets).
-- `identities` (Object) Identities associated to the policy. If empty, the policy will be associated to all identities. See [identities](#objects--identities).
-- `dbAccounts` (Object) Database Accounts associated to the policy. If empty, the policy will be associated to any database account. See [dbAccounts](#objects--dbAccounts).
-- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.
-
### Objects
@@ -180,10 +164,6 @@ All templates use parameters defined as JSON, below is a list of all the corresp
- `dbAccounts` (Object) Database Accounts. See properties below:
- `included` (Array) Included Database Accounts.
- `excluded` (Array) Excluded Database Accounts.
-
-- `datasets` (Object) Datasets. See properties below:
- - `allowed` (Array) Datasets allowed by the policy. Accepts wildcards such as `cyral.*`
- - `disallowed` (Array) Datasets disallowed by the policy. Accepts wildcards such as `cyral.*`
- `identityList` (Object) Identity List. See properties below:
- `userNames` (Array) Identity Emails.
diff --git a/examples/guides/repo_level_policies/dataset_protection.tf b/examples/guides/repo_level_policies/dataset_protection.tf
deleted file mode 100644
index 05a7b474..00000000
--- a/examples/guides/repo_level_policies/dataset_protection.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Creates pg data repository
-resource "cyral_repository" "pg1" {
- type = "postgresql"
- name = "pg-1"
-
- repo_node {
- host = "pg.cyral.com"
- port = 5432
- }
-}
-
-# Creates a policy instance from template to raise a 'high' alert
-# and block updates and reads on schema 'finance' and dataset
-# 'cyral.customers'
-resource "cyral_rego_policy_instance" "policy" {
- name = "dataset-protection"
- category = "SECURITY"
- description = "Raise a 'high' alert and block updates and reads on schema 'finance' and dataset 'cyral.customers'"
- template_id = "dataset-protection"
- parameters = "{ \"block\": true, \"alertSeverity\": \"high\", \"monitorUpdates\": true, \"monitorReads\": true, \"datasets\": {\"disallowed\": [\"finance.*\", \"cyral.customers\"]}}"
- enabled = true
- scope {
- repo_ids = [cyral_repository.pg1.id]
- }
-}
diff --git a/templates/guides/repo_level_policy.md.tmpl b/templates/guides/repo_level_policy.md.tmpl
index e3f4868b..6323432e 100644
--- a/templates/guides/repo_level_policy.md.tmpl
+++ b/templates/guides/repo_level_policy.md.tmpl
@@ -31,16 +31,6 @@ Protect against unauthorized updates:
{{ tffile "examples/guides/repo_level_policies/data_protection.tf" }}
-## Example: dataset protection
-
--> **Note** The Dataset Protection policy template is only enabled by default in control planes
-`v4.13` and later. If you have a previous version, please reach out to our customer success
-team to enable it.
-
-Restrict access to specific tables or schemas in the data repositories:
-
-{{ tffile "examples/guides/repo_level_policies/dataset_protection.tf" }}
-
## Example: rate limit
Set up a threshold on sensitive data reads over time:
diff --git a/templates/resources/rego_policy_instance.md.tmpl b/templates/resources/rego_policy_instance.md.tmpl
index 383aa493..b6a6beb2 100644
--- a/templates/resources/rego_policy_instance.md.tmpl
+++ b/templates/resources/rego_policy_instance.md.tmpl
@@ -94,22 +94,6 @@ All templates use parameters defined as JSON, below is a list of all the corresp
- `includedIdentities` (Object) Identities that cannot see restricted records. See [identityList](#objects--identityList).
- `includedDbAccounts` (Array) Database accounts cannot see restricted records.
-### Dataset Protection (dataset-protection)
-
-- `block` (Boolean) Policy action to enforce.
-- `monitorReads` (Boolean) Monitor read operations.
-- `monitorUpdates` (Boolean) Monitor update operations.
-- `monitorDeletes` (Boolean) Monitor delete operations.
-- `monitorInserts` (Boolean) Monitor insert operations.
-- `monitorAlters` (Boolean) Monitor alters operations.
-- `monitorDrops` (Boolean) Monitor drops operations.
-- `monitorDumps` (Boolean) Monitor dump operations.
-- `tags` (Array) Tags.
-- `datasets` (Object) Datasets associated to the policy. See [datasets](#objects--datasets).
-- `identities` (Object) Identities associated to the policy. If empty, the policy will be associated to all identities. See [identities](#objects--identities).
-- `dbAccounts` (Object) Database Accounts associated to the policy. If empty, the policy will be associated to any database account. See [dbAccounts](#objects--dbAccounts).
-- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.
-
### Objects
@@ -120,10 +104,6 @@ All templates use parameters defined as JSON, below is a list of all the corresp
- `dbAccounts` (Object) Database Accounts. See properties below:
- `included` (Array) Included Database Accounts.
- `excluded` (Array) Excluded Database Accounts.
-
-- `datasets` (Object) Datasets. See properties below:
- - `allowed` (Array) Datasets allowed by the policy. Accepts wildcards such as `cyral.*`
- - `disallowed` (Array) Datasets disallowed by the policy. Accepts wildcards such as `cyral.*`
- `identityList` (Object) Identity List. See properties below:
- `userNames` (Array) Identity Emails.