Skip to content

Data Access

Guance allows you to restrict access to RUM data for workspace members at the application level. By introducing regular expressions and desensitization fields, it effectively enhances the security protection of different application data, ensuring information security.

Start Creating

  1. Go to the Create page;
  2. Enter the rule name;
  3. Enter a description for the rule as needed;
  4. Select the application ID (only applications in the current workspace can be selected). You can use all applications or select single/multiple applications, covering Web, iOS, Android, etc.;

  5. Define the access scope of RUM data under the current rule;

  6. Add single or multiple fields that need to be desensitized;

  7. Use regular expressions to desensitize sensitive information in the field content;

  8. Select single or multiple member roles to which the current access rule can be applied, including default roles and custom roles in the system;
  9. Click Save.

Configuration Notes

When configuring data access rules, pay attention to the three major logics:

  • Data Access Scope: Members within the access rule can only access data that matches the filter conditions.
  • Regular Expression Desensitization: If you need to add an additional layer of data protection within the defined data scope, you can set regular expressions or desensitization fields to shield sensitive data externally;
  • Role Scenarios and Query Permissions: Different roles and different rules, either single or combined, will produce different results for the final presentation of data access rules.

Manage List

For more details, refer to List Operations.

Notes

Cross-Workspace Query: If two workspaces contain the same application, according to the permission settings in the data access rules, specific roles can only view the filtered data of the application in the authorized workspace.

Prerequisite: Both Workspace A and Workspace B have the whytest-android application, and Workspace B has authorized the RUM application data viewing permission to Workspace A.

When configuring data access rules (as shown below), Workspace A restricts the "Custom Management" role to only view the data of source:kodo under the whytest-android application.

The following scenarios exist:

RUM Explorer

Since the explorer does not support cross-workspace queries, the "Custom Management" role can only view the RUM data of the whytest-android application in Workspace A in the RUM Explorer.

Dashboard

When selecting both Workspace A and Workspace B for data query, and querying the data of both whytest-android and whytest-ios applications in DQL. Since the current data access restriction rules restrict the "Custom Management" role, and the whytest-android application data in Workspace B and the whytest-ios application data in both Workspace A and Workspace B are not configured with access permissions.

Therefore, the "Custom Management" role can only access the whytest-android application data in Workspace A.

Further Reading

Feedback

Is this page helpful? ×