With RudderStack’s granular access control features, admins can lock down business-critical objects to a select list of people. They can also restrict PII(Personally Identifiable Information) access to certain users.
With these features, you can allow certain data pipelines to be edited only by the users with the required access. Also, you can ensure your access controls are in compliance with the major data regulations like SOC2, GDPR, CCPA, HIPAA, etc.
All the access-related changes are recorded in the audit logs.
Set permissions for individual resources
Go to the Permissions tab to set permissions for a particular resource (source, destination, or model) in the workspace. You can also specify members who can make changes to these resources.
Only users with admin permissions can see the Permissions tab.
The permissions set for a particular resource let you:
Connect/disconnect a resource with another resource. For example, source to destination, source to tracking plan, transformation to destination, model to reverse ETL source, etc.
Enable, disable, or delete a resource.
Edit or change the resource-specific configuration.
Any action involving setting up a connection between two resources or linking/de-linking a resource with another resource requires edit permissions for both the resources. The only exception is the SQL Models which can used without explicitly setting any edit permissions.
Specify members with edit permissions
To specify members who can make changes to a given resource, follow these steps:
Go to the resource and click the Permissions tab:
Under Who can make changes?, select any of the following two options:
Anyone with write access: All the members with the admin permissions can make changes to the resource.
Only people you select: With this option, only specific members can make changes to the resource.
To allow specific members of your team to edit the resource, click Only people you select, followed by Add member.
Finally, select the team members from the drop-down and click Add Members:
Members with view-only permissions cannot be added as they do not have permissions to modify a resource, by default.
Limit access to PII
RudderStack’s data privacy options let you safeguard your customers’ privacy by controlling who has access to the raw event data containing PII(Personally Identifiable Information). You can allow anyone on your team to access the PII or restrict access only to a select list of members.
Only members with PII permissions can view the customers’ PII in the Live Events and errors logs in your destination’sEvents tab:
To set the PII permissions, follow these steps:
In your RudderStack dashboard, go to Settings > Workspace > Data Management and scroll down to the Data Privacy section.
Under Who can view restricted data?, select the appropriate option:
Anyone on your team: All the members in your workspace can view the raw event data containing PII.
Only people you select: Only specific members with access can view the raw data.
To allow specific members of your team to edit the object, click Only people you select, followed by Add member.
Finally, select the workspace members from the drop-down and click Add Members:
If the admins are removed from the access list, RudderStack will restrict them from viewing the PII.
cookies, the cookies that are categorized as necessary are stored on your browser as they are as
for the working of basic functionalities of the website. We also use third-party cookies that
analyze and understand how you use this website. These cookies will be stored in your browser
consent. You also have the option to opt-out of these cookies. But opting out of some of these
have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This
category only includes cookies that ensures basic functionalities and security
features of the website. These cookies do not store any personal information.
learn more about cookies and why we use them, visit our cookie
policy. We'll assume you're ok with this, but you can opt-out if you wish Cookie Settings.