Access Rules
Authorization is a critical aspect of every block in kis.ai, especially within the Data API block. To ensure robust security and precise access control, kis.ai supports multiple forms of authorization, including Access Control Lists (ACLs), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC).
Policies are defined directly in code using several supported languages, including expr, cel-go, JavaScript, and WASM. This flexibility allows developers to implement custom logic and sophisticated security measures tailored to their specific application requirements. By integrating these authorization mechanisms, kis.ai ensures that data access is both secure and efficient, catering to the diverse needs of modern enterprises.
Authorization Types
| Authz Type | Description |
|---|---|
| ACLs (Access Control Lists) | Define explicit permissions for specific users or groups, controlling who can perform actions on particular resources. |
| RBAC (Role-Based Access Control) | Assign permissions based on user roles, simplifying management by grouping users with similar access needs. |
| ABAC (Attribute-Based Access Control) | Use attributes (user, resource, environment) to enforce dynamic, context-aware policies. |
| ReBAC (Relationship-Based Access Control) | Control access based on relationships between entities, providing fine-grained access control. |
Defining Access Rules
Access Levels
Access rules in the Data API block are defined at two levels: entity level and row level.
Entity Level
Rules defined here are broad and apply to the entity as a whole.
- Give the list of actions a user can perform on the entity
- Give access to specific fields based on the user
Row Level
Rules defined here are evaluated for every single row.
- Give the list of actions a user can perform on that row.
- Fetch related data and return more granular access decisions
Actions
| Action | Description |
|---|---|
| read | read any record of the entity |
| create | create a new record for the entity |
| update | update any record of the entity |
| delete | soft-delete any record of the entity |
| purge | permanently delete any record of the entity |
| unmask | permission to unmask specific masked fields |
| untokenize | permission to untokenize specific tokenized fields |
| decrypt | permission to decrypt specific encrypted fields |
Example
Let's define access rules for a customers entity where only an Admin can create and access all the data, and a logged-in user can view only their own data.
Navigate to product name > Datastore > datastore name > Entity > entity name > Edit Entity > Access
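The two-level policy described above, written out as an added example in plain JavaScript. This is not kis.ai's own policy API: the function names, the `roles`/`ownerUserId` fields and the sample records are assumptions made for the example, and only the action names come from the Actions table.

```javascript
// Added example (hypothetical shape, not kis.ai's policy API): entity-level and
// row-level rules for a "customers" entity, expressed as plain JavaScript functions.

// All actions the Data API block recognises (from the Actions table above).
const ACTIONS = ["read", "create", "update", "delete", "purge",
                 "unmask", "untokenize", "decrypt"];

// Constructed sample records; ids and field names are made up for the example.
const CUSTOMERS = [
  { id: "c1", ownerUserId: "u1", name: "Alice", ssn: "***-**-1234" },
  { id: "c2", ownerUserId: "u2", name: "Bob",   ssn: "***-**-9876" },
];

const isAdmin = (user) => (user.roles || []).includes("admin");

// Entity-level rule: which actions and which fields a user gets on the whole entity.
function entityRule(user) {
  if (isAdmin(user)) {
    return { actions: [...ACTIONS], fields: ["id", "ownerUserId", "name", "ssn"] };
  }
  if (user.id) {
    // Logged-in non-admin: read only, and the masked field is never exposed.
    return { actions: ["read"], fields: ["id", "name"] };
  }
  return { actions: [], fields: [] }; // anonymous caller: deny everything
}

// Row-level rule: narrows the entity-level grant to one specific record.
function rowRule(user, row) {
  const grant = entityRule(user);
  if (isAdmin(user)) return grant;
  // A logged-in user keeps the grant only on rows they own.
  return row.ownerUserId === user.id ? grant : { actions: [], fields: [] };
}

// Is this action allowed for this user on this row?
function canPerform(user, action, row) {
  return rowRule(user, row).actions.includes(action);
}

// Return only readable rows, projected down to the permitted fields (deny by default).
function visibleRows(user) {
  return CUSTOMERS.filter((r) => canPerform(user, "read", r))
    .map((r) => Object.fromEntries(rowRule(user, r).fields.map((f) => [f, r[f]])));
}
```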