How does Data Control work?
Once you’ve added your Datasources to Cirro, you can then decide how to manage access to the data.
In the old paradigm, you’d create user accounts on your database and specify what those accounts can access.
You use Cirro Roles to do the same thing, but with much greater control over who has access to what.
Cirro has several built-in roles which enable privileges to cirro objects and target systems.
|Public||All users belong to the Public Role which includes CONNECT, SET DESCRIBE and SELECT (on metadata tables) privileges.|
|secure_connect||Includes CONNECT privilege and allows Passthrough SQL execution on granted Datasources|
|federated_read_only||Execute read-only Federated Queries|
|federated_read_write||Execute Federated Queries, DDL, and DML|
|data_migrator||Manage and Execute Data Projects|
|cirro_admin||Cirro application administrator role that includes all Cirro privileges.|
Setup Data Control
Step One: Setup Keychain and Privilege Roles
Roles make the management of database credentials and privileges much easier than if you granted them to each user in turn.
Step Two: Define Access Rules
Access Rules define who can login, how they can login, when and how, and what they can access.
Access rules provide application-level security to the Cirro server. They can restrict access to Users, Databases and IP or network addresses either permanently or at specified times.
Learn more about Access Rules and Alert Actions