Login
    Contents x
    Data Permissions
    • 27 Jul 2021
    • 2 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    Data Permissions

    • Updated on 27 Jul 2021
    • 2 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Manage access rights to data with permissions set against User Groups. Users will only see results on dashboards that meet the criteria of their stacked permissions across all of their assigned User Groups.

    Permissions can be set against user groups in two different ways that depend on the type of data:

    • Session data
    • Capture (or per packet intel) data

    Permission Provisioning.gif

    Session Data - Metadata Permissions

    Access to session data is managed using metadata permissions. We use metadata keys as inclusionary filters to ensure that users only see what they are scoped to see:

    • Multiple values within a metadata category are OR
    • Different metadata categories are AND
    • For example: (Region = east or central) AND (provider = Rogers)

    These restrictions will be applied without knowledge to the end user based on their user group affiliation.

    Note: Access to session data is NOT restrictive by default, so a lack of permissions based on metadata equates to no restriciton, and full access to session data.

    image.png

    To provision session metadata the admin will go to the user groups tab and either create a new user group or select an existing one and click on the Metadata Permissions tab in the sidebar. There they can click the + button to search for and add the metadata keys/values that they would like to provision.

    234269777357af7c00b1f221ec507b885image.png

    Once selected, the permissions will be listed in the sidebar and the admin can click the checkmark to finalize the permissions on the user group. Once the permissions have been provisioned, all users in the user group will have those permissions.
    Note: users can belong to multiple user groups and as such, gain all permissions granted on the groups to which they belong.

    Capture Data Permissions

    For capture or per-packet intel data, permissions can be set based on:

    • Applications
    • Zones
    • Capture sensor device

    Note: Capture permissions are mandatory for access to data meaning no permissions results in no data access. This is due to the potential sensitive nature of the data.

    Like metadata permissions, once added to a user group that has a permission on it they only have the permissions granted to them by the group.

    image.png

    In the same place as with metadata permissions an admin can add capture data permissions to a user group. Clicking the + button will open up the search pane where the admin can find the capture permissions to add.

    As seen in the above image once the zone is chosen it will appear in the list of permissions. The admin can then click the checkmark button to save the permissions to the user group.

    To enable access to all capture data, simple select the enable capture data permissions and do not enter any restrictions.

    image.png

    © 2024 Accedian Networks Inc. All rights reserved. Accedian®, Accedian Networks®,  the Accedian logo™, Skylight™, Skylight Interceptor™ and per-packet intel™, are trademarks or registered trademarks of Accedian Networks Inc. To view a list of Accedian trademarks visit: http://accedian.com/legal/trademarks/. 

    Was this article helpful?
    What's Next
    Get In Touch
    Learn
    About Us
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout