Data Security
Spectrum™ Technology Platform uses a role-based security model to control access to the system. Within roles that are predefined or new roles that you may create in Management Console, you can grant or deny a user permission for accessing various parts of the Data Hub Module. For example, you may allow one role to have the ability to access model data and another role to have the ability to access model metadata. You may allow one role to access monitors, and yet another role to access themes within the Relationship Analysis Client. Likewise, you can specify who can execute algorithms, also within the Relationship Analysis Client. Once you have established your roles, you can determine what entity types are granted to each role.
An entity type is a category of items to which you want to grant or deny access. The following entity types control access to parts of the Data Hub Module.
- Algorithms
- Controls the ability to run algorithms in the Relationship Analysis Client.
- Model Admin
- Controls the ability for users to perform the following actions using Data Hub stages
and the Relationship Analysis Client:
- Read model data: entities, relationships, and their properties
- Create models and model data: entities, relationships, and their properties
- Modify model data: entities, relationships, and their properties
- Delete models and model data: entities, relationships, and their properties
- Model Metadata
- Controls the ability for users to perform the following actions using Data Hub stages
and the Relationship Analysis Client:
- Read entity types and relationship types
- Create entity types, relationship types, and their properties
- Modify entity type properties and relationship type properties
- Delete entities and relationships Note: This permission includes clearing a model in the Write to Hub stage.
- Monitor Admin
- Controls the ability to create monitors in the Relationship Analysis Client that detect changes to a model's entities or relationships.
- Theme Admin
- Controls the ability to define themes for models in the Relationship Analysis Client.
If you create new roles within Management Console, you can also create security entity overrides for those roles. For example, if you categorically denied a particular role access to monitors, you could create a security entity override and grant access to monitors tied to a specific dataflow. Alternatively, you could specify secured entity overrides for a particular user, which override the permissions granted to the user by the user's roles. Note that you cannot apply overrides to predefined roles and users.
For more information on managing security with Spectrum™ Technology Platform, please see the Administration Guide.