Understanding RBAC and RLS
Role Based Access Control (RBAC) and Row Level Security (RLS) are two essential components of data security and access control. By implementing RBAC and RLS, organizations can streamline user permissions, ensure data confidentiality, and enable expanded analytics and dashboard access. In this article, we will delve into the concepts of RBAC and RLS, explore the benefits they offer, address security challenges, and discuss the adoption of next-generation access control.
Overview
Role Based Access Control (RBAC)
RBAC, short for Role-Based Access Control, is a powerful security mechanism implemented in Qmantic that plays a crucial role in managing access to dashboards and datasets. One of the key aspects of RBAC in Qmantic is dataset permissions. Roles consist of permissions such as “can_edit” and “can_delete”, which control access to views, data sources, and databases. RBAC allows organizations to define permissions based on roles, ensuring that users have controlled access to the data they require.
RBAC in Qmantic dashboards is particularly useful as it allows organizations to maintain fine-grained control over access and permissions. By assigning roles to users, administrators can manage who can view, modify, or interact with specific dashboards and datasets. When it comes to understanding RBAC and its implementation in Qmantic dashboards, it is essential to comprehend the concept of Row-Level Security (RLS).
Row Level Security (RLS)
RLS, or Row Level Security, is an additional layer of security that works in conjunction with RBAC. While RBAC determines which roles have access to certain resources, RLS restricts users within those roles to see only a specific subset or “slice” of data. RLS ensures that users can only access the data that is relevant to their assigned roles or responsibilities.
For instance, within Qmantic, RLS enables the enforcement of data confidentiality by limiting access to sensitive datasets. Users with authorization for their role can exclusively view the permitted data, preventing unauthorized access to confidential information.
Managing Dashboard Access and Permissions
Access to Qmantic dashboards is primarily controlled through two mechanisms: dataset permissions and dashboard roles. When the “DASHBOARD_RBAC” feature flag is enabled, administrators can define roles that specify which users can access certain dashboards, overriding dataset-level permissions. To manage dashboard access effectively, consider the following:
- Dataset Permissions
Granting permissions to datasets implicitly allows access to dashboards using those datasets.
- Dashboard Roles
With “DASHBOARD_RBAC” enabled, assign roles to users to control dashboard access directly. When configuring roles, it is important to avoid altering the base roles provided by Qmantic. Instead, create new roles and assign them in conjunction with the base roles to tailor access for different user groups.
By following best practices, such as using RBAC in conjunction with dataset permissions, regularly reviewing and updating roles and permissions, and considering the use of the REST API for programmatic management, organizations can effectively manage dashboard access in Qmantic, enhancing security and governance within their organization.
Implementing Row-Level Security in Qmantic
Row-Level Security (RLS) is another important security feature that allows for fine-grained access control at the row level. To effectively implement RLS in Qmantic, follow the steps below:
- Creating RLS Filters
In the Qmantic user interface, navigate to the Security menu and create RLS filters. These filters define the conditions that determine which rows of data are accessible.
- Assigning Filters to Roles
After creating the RLS filters, link them to specific roles and tables. This linkage ensures the enforcement of the defined access control policies.
Qmantic’s permissions and roles provide granular control over access to different resources. It is advisable to refrain from modifying the predefined roles such as Admin, Alpha, and Gamma, as these roles play a foundational role in Qmantic’s operation. Instead, create custom roles and assign them in conjunction with the base roles to attain the desired access control.
Configuring RLS in Qmantic
Configuring Row-Level Security (RLS) in Qmantic involves managing dashboard access and dataset permissions. Here is a step-by-step guide to configuring RLS:
- Dataset Permissions
Assigning permissions to roles for specific datasets is a crucial aspect of RLS configuration. By granting permissions, users with the corresponding roles gain implicit access to dashboards that use those datasets. This provides a convenient way to manage access control at the dataset level.
- Dashboard Roles
Enabling the “DASHBOARD_RBAC” feature flag allows administrators to assign roles to dashboards, specifying access for specific users or roles. This feature provides granular control over dashboard access and ensures that users can only view charts and datasets within dashboards that they have permission to access.
- Bypassing Dataset Checks
Granting dashboard access allows users to read all charts and datasets within that dashboard, even if they don’t have explicit permissions for the underlying datasets. A dashboard role therefore bypasses dataset-level checks for every dataset the dashboard uses, which streamlines access control at the dashboard level. Check which datasets a dashboard draws on before assigning roles to it.
- Default Permissions
If no roles are specified for a dashboard, the dataset permissions will apply, controlling access based on the datasets used in the dashboard’s charts. This provides a fallback mechanism to ensure that access control is maintained even when specific roles are not assigned.
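The decision rules above can be modelled and audited offline. The following is an added example, not Qmantic code: it evaluates dataset reads through a dashboard and lists the role/dataset pairs that a dashboard role exposes without a matching dataset permission. All role, dataset and dashboard names are hypothetical, and it assumes that once roles are set on a dashboard, only those roles grant access to it.

```python
from dataclasses import dataclass, field

@dataclass
class Dashboard:
    name: str
    datasets: frozenset                                   # datasets behind the charts
    roles: frozenset = field(default_factory=frozenset)   # empty = no dashboard roles

def can_read(user_roles, dash, dataset, dataset_perms, dashboard_rbac=True):
    """Can a user read `dataset` through `dash`? Returns (allowed, reason)."""
    if dataset not in dash.datasets:
        return False, "dataset_not_on_dashboard"
    if dashboard_rbac and dash.roles:
        # Dashboard roles are specified: they override dataset permissions
        # (assumption of this model: no other path grants access).
        if set(user_roles) & dash.roles:
            return True, "dashboard_role"
        return False, "dashboard_role_required"
    # Flag off, or no roles on the dashboard: dataset permissions apply.
    if any(dataset in dataset_perms.get(r, ()) for r in user_roles):
        return True, "dataset_permission"
    return False, "no_dataset_permission"

def implicit_grants(dashboards, dataset_perms):
    """List (dashboard, role, dataset) where a dashboard role exposes a
    dataset that the role has no dataset-level permission for."""
    found = []
    for dash in dashboards:
        for role in dash.roles:
            for ds in dash.datasets - set(dataset_perms.get(role, ())):
                found.append((dash.name, role, ds))
    return sorted(found)

# Constructed sample data; every name here is hypothetical.
DATASET_PERMS = {"sales_viewer": {"orders"}, "finance": {"orders", "payroll"}}
DASHBOARDS = [
    Dashboard("Revenue", frozenset({"orders", "payroll"}), frozenset({"sales_viewer"})),
    Dashboard("Ops", frozenset({"orders"})),   # no roles: dataset fallback applies
]

if __name__ == "__main__":
    for row in implicit_grants(DASHBOARDS, DATASET_PERMS):
        print("implicit grant:", row)
```

Each row returned by `implicit_grants` is a dataset that a role can read only because of a dashboard assignment, which makes it a natural input to a periodic review of roles and permissions.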
Conclusion
In conclusion, Qmantic provides a comprehensive solution for organizations seeking a cloud-hosted BI platform, seamless data integrations, ready-made dashboards, and an AI Data Assistant. By leveraging Qmantic, organizations can unlock the full potential of their data and make data-driven decisions with ease.
Qmantic offers extensive dashboard templates for various business functions, including billings, revenues, sales funnel, customer acquisitions, marketing performance, and more. These templates allow organizations to get started quickly and easily visualize their data without the need to build dashboards from scratch.
To experience the capabilities of Qmantic yourself, you can access a demo company and test the AI analyst with sample data. Simply visit the demo registration page to get started.
FAQs
analysis?
Qmantic provides a user-friendly interface for role management, allowing administrators to define roles, assign permissions, and manage user access. By leveraging RBAC within the Qmantic BI Platform, organizations can enforce fine-grained access control and ensure secure data management and analysis.
RLS is an additional layer of security that restricts users to view only specific subsets of data. It complements RBAC by ensuring that users can only access the data relevant to their assigned roles. RLS enhances data confidentiality and enables organizations to protect sensitive information within Qmantic.
Yes, Qmantic provides a flexible framework for implementing RBAC and RLS, allowing organizations to customize access control policies to meet their specific security requirements. Administrators can define roles, assign permissions, and configure RLS based on organizational needs and data sensitivity.