Thursday, June 23, 2016

How is Data Security managed in StatsPanda.com?

It goes without saying that for any application worth its salt, Data Security is THE most critical aspect of overall engineering, and StatsPanda.com is no exception. StatsPanda achieves this by implementing multi-tenancy support. Under the hood it uses the Multi-Tenancy Technology available on Google Cloud Computing Infrastructure. At a high level, data is organized under dedicated Namespaces owned by the respective Organizations and is classified under four types of visibility.

  • public - anyone can view, listed.
  • limited - anyone can view, not listed.
  • protected - anyone from owner Organization can view
  • private - only creator can view

This premise is applicable for all the Charts, Dashboards or Datasources created in StatsPanda.com. 

API access is always restricted to a logged-in user. A logged-in user can create or view data in their Org's namespace as well as in the default namespace.


Viewing Charts and Dashboards is more relaxed. Anyone can view the Charts and Dashboards in the default namespace, as well as the ones with 'limited' visibility.


Detailed Data Security implementation philosophy is explained below.


Public : An end user can view this without logging into StatsPanda.com. A logged-in end user can set visibility to 'public' and it will be created under the default namespace. However, only a Super Admin may approve it for public listing. Once approved, these will appear under the "Public" tab for the respective type of Chart.

  • visibility is set to 'public'
  • Stored under respective default namespace
  • Will be listed publicly only when approved by Super Admin.

Limited : An end user can view this as long as they have the URL; they don't need to log in to view the charts. However, these are not listed under the "Public" tab; they are listed under the tab with "Organization ID" as name.
  • visibility is set to 'public'
  • Anyone with the url can view the content
  • User need not be logged in in order to view the content
  • Admin will not "copy" charts under this category for public listing on StatsPanda.com.
  • Data is stored under respective Organization specific Namespace.

Protected: End user must be logged in and can view only the records belonging to his/her organization. These are listed under tab with "Organization ID" as name.
  • visibility is set to 'protected'
  • User must be logged into StatsPanda.com in order to view 'protected' content
  • S/he must be part of the Organization
  • Data is stored under respective Organization specific Namespace.

Private: End user must be logged in and can view only the records that were created by him/her. These Charts are listed under the tab with "User ID" as name.
  • visibility is set to 'private'
  • User must be logged into StatsPanda.com in order to view 'private' content
  • User can view only the Charts or Dashboards that are created by him/herself. 
  • Data is stored under respective Organization specific Namespace.
  • Content cannot be viewed by others in the Organization.
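The four viewing rules and the API rule described above can be written as one deny-by-default check. This is an added example, not StatsPanda's own code; the `User` and `Resource` types, the `can_view` and `can_use_api` functions and the `"default"` namespace name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_NS = "default"  # assumed name of the default namespace


@dataclass(frozen=True)
class User:
    user_id: str
    org_namespace: str  # namespace owned by the user's Organization


@dataclass(frozen=True)
class Resource:  # a Chart, Dashboard or Datasource
    namespace: str
    visibility: str  # 'public' | 'limited' | 'protected' | 'private'
    creator_id: str


def can_view(viewer: Optional[User], res: Resource) -> bool:
    """Viewing rule; viewer is None for a visitor who is not logged in."""
    if res.visibility in ("public", "limited"):
        return True  # anyone may view (limited: anyone holding the URL)
    if viewer is None:
        return False  # protected and private both require a login
    if res.visibility == "protected":
        # viewer must belong to the Organization that owns the namespace
        return viewer.org_namespace == res.namespace
    if res.visibility == "private":
        return viewer.user_id == res.creator_id  # creator only
    return False  # unknown or misspelled visibility value: deny


def can_use_api(viewer: Optional[User], namespace: str) -> bool:
    """API rule: logged in, and the namespace is the user's Org or default."""
    return viewer is not None and namespace in (viewer.org_namespace, DEFAULT_NS)


if __name__ == "__main__":
    # Constructed sample data: one private chart created by 'alice' in 'acme'.
    chart = Resource("acme", "private", "alice")
    viewers = [None, User("alice", "acme"), User("bob", "acme"), User("eve", "other")]
    for v in viewers:
        print(v.user_id if v else "anonymous", can_view(v, chart))
```

The final `return False` matters: a record whose visibility field is empty or carries an unexpected value is treated as not viewable rather than falling through to public access.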

URL Patterns:

Charts & Dashboards:

Publicly Listed, stored in default space:

/ui/charts/morris/bar-chart?unique_key=<ID>

/ui/dashboard/acme-corp-financial-analysis?unique_key=<ID>

Limited/Protected/Private:

/ui/charts/<namespace>/morris/bar-chart?unique_key=<ID>

/ui/dashboard/<namespace>/acme-corp-financial-analysis?unique_key=<ID>


APIs:

Publicly Listed, stored in default space:

/apiinput/charts/morris/line-chart/jsoninput/data?unique_key=<ID>&authToken=<token>

Limited/Protected/Private:

/apiinput/charts/<namespace>/morris/line-chart/jsoninput/data?unique_key=<ID>&authToken=<token>

You may like to refer to our previous blog on RESTful APIs in StatsPanda.com for an exhaustive list of APIs.

1 comment:

  1. Data security breaches happen daily in too many places at once to keep count. Any business irrespective of their size should build a strong cyber security to ensure strong data protection.
    secure virtual data room
