Skip to content

Data Access

Guance allows restricting RUM data access permissions for workspace members at the application level. Meanwhile, by introducing regular expressions and desensitization fields, it effectively enhances the security protection of different application data, ensuring information security.

Start Creating

  1. Enter the Create Rules page;
  2. Input the rule name;
  3. Optionally input a description for the rule as needed;
  4. Select the Application ID (only applications within the current workspace can be selected). You may apply the rule to all applications or select individual/multiple applications covering Web, iOS, Android, etc.;

  5. Define the access scope for RUM data under this rule;

  6. Add one or multiple fields that need to be desensitized;

  7. Use regular expressions to desensitize sensitive information in the field content;

  8. Select one or more member roles to which the current access rule applies, including default system roles and custom roles;
  9. Click Save.

Configuration Notes

When configuring data access rules, pay attention to three key logics:

  • Data Access Scope: Members within the access rule can only access data matching the filtering conditions.
  • Regular Expression Desensitization: If you need an additional layer of data protection on top of defined data scopes, set up regular expressions or desensitization fields to shield sensitive data externally;
  • Role Scenarios and Query Permissions: Different roles combined with different rules singly or cumulatively will produce varying results in the final presentation of data access rules.

Management List

For more details, refer to Options.

Precautions

Cross-workspace Queries: If two workspaces contain the same application, based on the permission settings in the data access rules, specific roles can only view filtered data from the authorized workspace for that application.

Prerequisite: Workspace A and Workspace B both contain the whytest-android application, and Workspace B has authorized Workspace A to view the RUM application data.

When configuring data access rules (as shown in the figure below), Workspace A restricts the "Custom Management" role to only view data where source:kodo under the whytest-android application.

In this case, the following scenarios exist:

RUM Explorer

Since this Explorer does not support cross-workspace queries, the "Custom Management" role can only view RUM data for the whytest-android application under Workspace A in the RUM Explorer.

Dashboard

When selecting both Workspace A and Workspace B simultaneously for data queries, and querying the data for both whytest-android and whytest-ios applications in DQL. Since the current data access restriction rule limits access for the "Custom Management" role, and no access permissions have been configured for the whytest-android application data in Workspace B, as well as the whytest-ios application data in both Workspace A and Workspace B.

As a result, the "Custom Management" role can only access the whytest-android application data in Workspace A.

Further Reading

Feedback

Is this page helpful? ×