SaaS Security: Data Entitlement
Data Entitlement is the process of giving a right to a group or user as to what they can and cannot access with respect to data within the system. In any SaaS or Enterprise multi tenant applications, the tenant administrators or the business users might want to set functional privilege to validate whether a user has required permission to access a specific feature or module in the application, similarly setting up data access privilege is also equally important to have a fine grained control over the application security.
For example, in case of a Multi Tenant Payroll Management application, there might be various types of roles created in each tenants. The Tenant administrator might want to restrict the data level access permission to certain roles. Below are some of the common scenarios,
- All Employees must have view permission to their own salary details but the update/edit/delete operations are restricted.
- Grant full access permission (Create/Read/Update) for the users who belong to Finance team on employee’s payroll data.
- Managers who are in level 3 (Managers) might be allowed to view the salary information of his sub ordinates who is directly reporting to them.
- Regional Manager of North Carolina should be allowed to see sales information pertaining to his region.
- Sales Order, Purchase Order data should only be accessed by members who are part of Sales and Finance department.
- Designating specific record or field level access to certain roles or users.
As an application provider, certain common data access privileges such as above can be generalized and brought in as the base data access permissions during the development as part of the application. However, different organizations have different needs and their business model is unique. It is always impossible to bring in the fixed set of data access grant/revoke permission by the application provider, so it is always advisable to provide the ability to the respective tenants to set their data access permission by themselves. Often times users might belong to multiple roles, so data permissions must be an aggregated union between multiple roles and necessary privilege is mandated before letting the user to do any data access.
Other than group/role level data access, often times there might be situations where one would want to grant or revoke data access permission to a specific user in the application. E.g. user id: ACE1789 should only be allowed to access all the transactions processed within the application.
Levels of Data Entitlement
There are various levels of data entitlement, they are
1. Entity Level – Enforce at an entity level as to whether a role or tenant can view /insert/modify/delete
2. Record Level – Entitle specific records to user/roles
3. Field Level – Entitle specific fields to user/roles
In case of any queries please feel free to drop me an email at [email protected]