Data Security

Spectrum™ Technology Platform uses a role-based security model to control access to the system. Within roles that are predefined or new roles that you may create in Management Console, you can grant or deny a user permission for accessing various parts of the Data Hub Module. For example, you may allow one role to have the ability to access model data and another role to have the ability to access model metadata. You may allow one role to access monitors, and yet another role to access themes within the Relationship Analysis Client. Likewise, you can specify who can execute algorithms, also within the Relationship Analysis Client. Once you have established your roles, you can determine what entity types are granted to each role.

An entity type is a category of items to which you want to grant or deny access. The following entity types control access to parts of the Data Hub Module.

Algorithms
Controls the ability to run algorithms in the Relationship Analysis Client.
Model Admin
Controls the ability for users to perform the following actions using Data Hub stages and the Relationship Analysis Client:
  • Read model data: entities, relationships, and their properties
  • Create models and model data: entities, relationships, and their properties
  • Modify model data: entities, relationships, and their properties
  • Delete models and model data: entities, relationships, and their properties
For example, if you had a model comprised of insurance data, you might have doctors and patients as entities, with relationships such as "visited" or "filed a claim for," and properties that depict the dates for those visits or claims. Using this example, the Model Admin entity type would allow you to grant permissions for the following actions:
  • Read data for doctors and patients and their visit or claim properties
  • Create doctor and patient entities, link them together with visit or claim relationships, and include any properties such as addresses, claim IDs, dates, and so on.
  • Modify doctor and patient entities, their relationships, and their properties such as addresses, claim IDs, dates, and so on.
  • Delete doctors and patients from the model
Model Metadata
Controls the ability for users to perform the following actions using Data Hub stages and the Relationship Analysis Client:
  • Read entity types and relationship types
  • Create entity types, relationship types, and their properties
  • Modify entity type properties and relationship type properties
  • Delete entities and relationships
    Note: This permission includes clearing a model in the Write to Hub stage.
Monitor Admin
Controls the ability to create monitors in the Relationship Analysis Client that detect changes to a model's entities or relationships.
Theme Admin
Controls the ability to define themes for models in the Relationship Analysis Client.

If you create new roles within Management Console, you can also create security entity overrides for those roles. For example, if you categorically denied a particular role access to monitors, you could create a security entity override and grant access to monitors tied to a specific dataflow. Alternatively, you could specify secured entity overrides for a particular user, which override the permissions granted to the user by the user's roles. Note that you cannot apply overrides to predefined roles and users.

For more information on managing security with Spectrum™ Technology Platform, please see the Administration Guide.