Security and Access Control
1. Introduction
Security and access control are critical aspects of data analytics, ensuring that sensitive data and resources are protected from unauthorized access. This documentation covers various security concepts in Xtraleap, including authentication, OAuth, policies, policy groups, roles, user groups, and users.
2. Authentication and Authorization
Authentication and authorization are the primary mechanisms for controlling access to data analytics platforms:
-
Authentication: Verifying the identity of users, usually through a combination of usernames and passwords or other authentication methods, such as Single Sign-On (SSO) or multi-factor authentication (MFA).
-
Authorization: Granting access to specific resources or actions based on the user’s authenticated identity and assigned permissions.
3. OAuth Authentication
OAuth (Open Authorization) is a widely used open standard for token-based authentication and authorization. It enables users to grant applications access to their data from other services without sharing their credentials (e.g., username and password). in Xtraleap, OAuth is used to authenticate users and provide secure access to all of our product features or API’s.
4. Policies
Policies are sets of rules that define access permissions for specific resources or actions within a data analytics platform. They can be used to control:
-
Access to data sources, such as databases, APIs, or files
-
Access to specific features or functionalities, such as creating, editing, or deleting visualizations or dashboards
-
Access to administrative actions, such as managing users, roles, or policies
5. Policy Groups
Policy groups are collections of related policies that can be applied to roles or user groups to simplify the process of granting and managing permissions. By organizing policies into logical groups, administrators can more easily manage access control and ensure that users have the appropriate permissions for their needs.
6. Roles
Roles are predefined sets of permissions that can be assigned to users or user groups to control their access to resources and actions within a data analytics platform. They provide a consistent and manageable way of granting permissions based on job functions, responsibilities, or levels of access. Common roles in Xtraleap include:
-
Admin: Full access to all resources and actions, including managing users, roles, policies, and data sources
-
Editor: Access to create, edit, and delete visualizations and dashboards, but with limited administrative capabilities
-
Viewer: Read-only access to view visualizations and dashboards, with no ability to edit or manage resources
7. User Groups
User groups are collections of users who share similar access requirements or job functions. By assigning roles or policy groups to user groups, administrators can efficiently manage access control for multiple users at once. User groups can be organized by department, team, project, or any other logical grouping.
8. Users
Users are individuals who access the data analytics platform, each with their unique authentication credentials and assigned permissions. Users can be assigned to one or more user groups and can have roles or policies applied directly to their account for granular access control.
9. Best Practices
When implementing security and access control in Xtraleap, consider the following best practices:
-
Least Privilege Principle: Grant users the minimum permissions necessary to perform their job functions, reducing the risk of unauthorized access or actions.
-
Regular Audits: Conduct regular audits of user accounts, permissions, and access logs to identify and address potential security risks or compliance issues.
-
Strong Authentication: Implement strong authentication methods, such as multi-factor authentication (MFA) or Single Sign-On (SSO), to reduce the risk of unauthorized access due to compromised credentials.
-
Separation of Duties: Establish clear separation of duties among users, ensuring that no single user has excessive access or control over critical resources or actions.
-
Monitor and Log User Activity: Monitor and log user activity within the data analytics platform to detect potential security threats or policy violations, and to provide an audit trail for compliance and investigation purposes.
-
Regularly Update Policies and Roles: Periodically review and update policies and roles to ensure that they remain aligned with your organization’s needs and security requirements.
-
Clear Onboarding and Offboarding Procedures: Establish clear procedures for onboarding new users and offboarding users who no longer require access, ensuring that permissions are granted and revoked in a timely and secure manner.