Data Access Control
Permission Sets grant users access to Projections (APIs) but do not manage data access. Data Access Control (DAC) is a mechanism that allows the configuration of Access Control Lists (ACLs) based on the attributes of the projection entity. This feature enables data access restrictions that can be assigned to users, groups, or other defined entities. Additionally, DAC provides granular permissions for Create, Read, Update, and Delete (CRUD) operations, which are applied at runtime.
NOTE: This tool is highly effective but must be used responsibly, with thorough testing before deploying in production environments. Direct changes in production are risky; instead, implement changes in a separate environment and then upload them to production. Additionally, after each delivery, ensure that the existing Access Control Lists remain intact and functional without any disruptions.
Enabling Data Access framework
To enable the Data Access Control framework, use the system parameter Data Access Control. At runtime, Access Control Lists (ACLs) will be applied based on this switch (ON/OFF). Additionally, all filters will be excluded for the APPOWNER user.
System Parameter | Default Value | Description | Usage |
---|---|---|---|
Data Access Control | OFF | Administrators can switch API Data Access on or off | If 'ON': the API Data Access Control should work. If 'OFF': the API Data Access Control should NOT work. |
Benefits of Data Access Control
Data Access Control (DAC) is essential for securing sensitive information and ensuring that only authorized users can access, modify, or share data. Implementing strong access control mechanisms provides several key benefits:
- Configurability: Configure the Access Controls according to business requirements.
- Prevents Unauthorized Access: Restricts access to sensitive data, reducing the risk of breaches and protecting trade secrets, financial records, and proprietary research.
- Minimizes Insider Threats: Ensures employees or contractors only access data relevant to their roles.
- Enhances Productivity: Allows users to quickly access the resources they need while preventing unauthorized access.
- Maintains Data Accuracy: Prevents unauthorized or unintended alterations.
- Enhances Customer Trust: Secure access control reassures customers that their data is protected.
Note: This feature is currently in its preliminary stage, and further enhancements are planned for the upcoming release.
Contents
- Access Control Lists (ACLs) can be used to implement Data Access Control by configuring which users or entities have access to specific data in a Projection (API). This method enables fine-grained access control at the API level.
- For functional, technical, security, or performance reasons, some projections may explicitly prevent Data Access Control. These projections can be excluded from the framework.
- ACLs can be applied to the Projection Entity, allowing specific CRUD operations to be restricted based on ACL criteria. For the Projection to be evaluated at runtime, the Projections with ACLs applied must be reviewed and published. Read more about the Access-Controlled Projections.
- Export-Import Access Control Lists
  We recommend configuring your Access Control Lists in a Configuration environment and thoroughly testing them first. Thereafter, you can export and import them into production, or vice versa. Read more about exporting and importing ACLs.
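
The runtime rules described on this page (the Data Access Control switch, the APPOWNER exclusion, excluded projections, and per-operation ACLs based on an entity attribute) can be modelled as follows. This is an added example, not the product's code or API: the `Acl` structure, the function names, and the sample projection, users and groups are hypothetical, and denying when no assigned ACL matches is an assumption of the model.

```python
from dataclasses import dataclass

CRUD = frozenset({"create", "read", "update", "delete"})

@dataclass(frozen=True)
class Acl:                      # hypothetical structure, not the product's schema
    projection: str             # projection (API) the ACL is configured on
    assignees: frozenset        # users or groups the ACL is assigned to
    attribute: str              # projection entity attribute the ACL is based on
    allowed_values: frozenset   # attribute values the ACL covers
    operations: frozenset       # CRUD operations granted on covered rows

def dac_applies(switch_on, user, projection, excluded):
    """Return True only when ACL filtering is in force for this request."""
    if not switch_on:               # system parameter Data Access Control = OFF
        return False
    if user == "APPOWNER":          # all filters are excluded for APPOWNER
        return False
    return projection not in excluded   # excluded projections bypass the framework

def is_allowed(acls, switch_on, excluded, user, groups, projection, op, row):
    """Decide one CRUD operation on one row, after Permission Sets granted the API."""
    if op not in CRUD:
        raise ValueError(f"unknown operation: {op}")
    if not dac_applies(switch_on, user, projection, excluded):
        return True                 # no data-level restriction is evaluated
    principals = {user, *groups}
    for acl in acls:
        if acl.projection != projection or not (acl.assignees & principals):
            continue
        if op in acl.operations and row.get(acl.attribute) in acl.allowed_values:
            return True
    return False                    # assumption of this model: no matching ACL means deny

# Constructed sample data: projection, group, user and site names are made up.
SAMPLE_ACLS = [
    Acl("CustomerOrders", frozenset({"SALES_EU"}), "Site",
        frozenset({"EU1", "EU2"}), frozenset({"read"})),
    Acl("CustomerOrders", frozenset({"ALICE"}), "Site",
        frozenset({"EU1"}), frozenset({"read", "update"})),
]
EXCLUDED = frozenset({"SystemStatus"})

if __name__ == "__main__":
    eu2 = {"OrderNo": "1001", "Site": "EU2"}
    for user, groups in (("ALICE", ["SALES_EU"]), ("BOB", []), ("APPOWNER", [])):
        for op in ("read", "update"):
            ok = is_allowed(SAMPLE_ACLS, True, EXCLUDED, user, groups, "CustomerOrders", op, eu2)
            print(f"{user:9} {op:6} Site=EU2 -> {'allow' if ok else 'deny'}")
```

In the three bypass cases (switch OFF, APPOWNER, excluded projection) the model returns `True` without consulting any ACL, so Permission Sets are the only control left on that data.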