Cirro Data Control allows you to easily manage access to your data without the need to change anything on your Database.

How does Data Control work?

Once you’ve added your Datasources to Cirro, you can then decide how to manage access to the data.

In the old paradigm, you’d create user accounts on your database and specify what those accounts can access.

You use Cirro Roles to do the same thing, but with much greater control over who has access to what.

Built-in Roles

Cirro has several built-in roles which enable privileges to cirro objects and target systems.

Role Description
Public All users belong to the Public Role which includes CONNECT, SET DESCRIBE and SELECT (on metadata tables) privileges.
secure_connect Includes CONNECT privilege and allows Passthrough SQL execution on granted Datasources
federated_read_only Execute read-only Federated Queries
federated_read_write Execute Federated Queries, DDL, and DML
data_migrator Manage and Execute Data Projects
cirro_admin Cirro application administrator role that includes all Cirro privileges.

Setup Data Control

Step One: Setup Keychain and Privilege Roles

Roles make the management of database credentials and privileges much easier than if you granted them to each user in turn.

Keychain Roles

Grant database login privileges without the risk of handing out the usernames and passwords.

Keychain Roles

Manage roles in the View all roles page.

Manage Roles

View database credentials granted to roles

Credentials Matrix

Privilege Roles

Grant privileges on database objects together with privileges to manage the Cirro Server.

Privilege Roles

Manage roles in the View all roles page.

Manage Roles

View privileges granted to roles

Privileges Matrix

Step Two: Define Access Rules

Access Rules define who can login, how they can login, when and how, and what they can access.

Access Rules

Access rules provide application-level security to the Cirro server. They can restrict access to Users, Databases and IP or network addresses either permanently or at specified times.

User Access Rules

Data Control Access Rules

Data Management Access Rules

Learn more about Access Rules and Alert Actions

View Access Rules

View Alert Actions