Data Access Control Considerations
Data Access Control (DAC) is a powerful feature in IFS Cloud that restricts access to specific data in APIs. Implementing Access Control Lists (ACLs) correctly is crucial for security, performance, and maintainability.
Best Practices for Data Access Control
Use the Least Privilege Principle: Restrict access to only the required rows.
Avoid direct user-based policies: Design ACLs based on roles and entities like admin, project, etc. This approach makes ACLs more scalable and maintainable.
Exclude Projections: Always keep the exclude projections list updated.
Avoid Performance Bottlenecks: ACLs add an extra layer of filtering to queries, so they should be efficient. Avoid complex ACLs that could degrade performance.
Inconsistent Access Across Applications: Policies must be implemented uniformly across all relevant APIs. Additionally, Access Control Lists (ACLs) are enforced solely for APIs. Users who access data through alternative methods, such as direct database connections, may encounter discrepancies in the data displayed, depending on the tool used.
Regular Access Reviews: It is crucial to audit and monitor the configured Access Control Lists (ACLs) after they are created and after any modification. Conduct checks following each deployment to the environment to ensure compliance and security.