In this article, you will learn how to restrict access to data using a global security filter and how to add permissions for users to specific data.
This article is intended for users with the OrganizationAdmin role or users with the following claim access levels.
|Management||Data Catalog||at least Consulted|
|Management||Annotation||at least Consulted|
|Admin||Tenant Management||at least Consulted|
|Integration||Enrichment||at least Consulted|
|Integration||Configured Integrations||at least Consulted|
|Integration||Manual Data Entry Project Management||at least Consulted|
|Integration||Data Source Groups||at least Consulted|
|Consume||Export Targets||at least Consulted|
To make sure that the right users have access to the right data, perform the following steps:
The following diagram shows the flow of restricting access to data.
A global security filter is used for managing the overall access to data within the platform. It can be in one of the following statuses:
Disabled – the users can view all data in CluedIn.
If the global security filter is disabled, you will see a message similar to the one below when you check permissions for data sources, manual data entry projects, configured integrations, and enrichers.
Enabled – the users cannot view the data in CluedIn unless you have specifically added permissions for data.
If the global security filter is enabled, you will see a list of users who have access to data when you check permissions for data sources, manual data entry projects, configured integrations, and enrichers.
To enable a global security filter
Go to Administration > Settings.
In the Global Security Filter section, turn on the toggle next to the status.
The global security filter is enabled. The users need to sign out and sign in again for the changes to take the effect.
After you enable the global security filter, the users will not be able to view any data in CluedIn. To give users access to the data required for performing their data-related tasks, add permissions for users in data resources.
Exception in global security filter
The table below contains the combination of section-claim-access level that grants users a permission to view the data regardless of whether the global security filter is enabled or not.
|Management||Deduplication Project Management||Informed|
With the global security filter enabled, you need to add permissions for users in the data resources so that they can work with the required data.
To add permission in data resource
Depending on the data resource, do one of the following:
To add permission to data associated with a certain data source, on the navigation pane, go to Integrations > Data Sources. Then, expand the group and select the needed data source.
To add permission to records in the manual data entry project, on the navigation pane, go to Integrations > Manual Data Entry. Then, select the needed project.
To add permission to data pushed by a certain integration source, on the navigation pane, go to Integrations > Configured. Then, select the needed integration.
To add permission to enriched data, on the navigation pane, go to Preparation > Enrich. Then, select the needed enricher.
Go to the Permissions tab and select Add Users.
Select the checkbox next to the users you want to grant access to data. Then, select Grant access.
For the changes to take the effect, the users have to sign out and sign in again. Now, the users can view data and they are listed on the Permissions tab of the data resource.
Note: The operations that users can perform with data depend on the roles assigned to the users. For more information, see Roles.