otamo VaultSpeed-Release-5.7

Release 5.7 | User Management, Role-Based Access Control, and Action Log

This release will significantly enhance the security of your VaultSpeed setup.

This release includes three essential features for enterprise customers:

  1. Customers now have the capability to manage all users within their subscription.
  2. Security privileges have been implemented to all actions that can be performed in VaultSpeed. Additionally, a layer of user roles has been added, which can be utilized to establish the VaultSpeed SaaS environment with full segregation of duties.
  3.  Auditability has been increased by providing an action log that enables tracking of all activities performed and their respective performers.

Simplifying user management

In the past, the customers had to manage their users exclusively through the support portal. While this method proved to be effective, it often led to delays and limited flexibility in user management.

Additionally, all users were granted equal privileges, leaving customers with no control over who could perform specific actions.

It was impossible to differentiate between a paid user and a free read-only user. This feature has been requested by many of the customers.

These issues have been resolved, as customers can now create, configure, and delete users independently.

The updated user management system is almost entirely self-service, enabling customers to create new users, assign them to paid automation seats, and designate pre-defined user roles or specific privileges.

Moreover, users can be disabled, enabled, or deleted as needed. Password resets and access to the support portal can also be triggered.

Hello to users with read-only access

One of the major benefits of the new setup is that customers are able to onboard additional VaultSpeed users who only need read access to the data models or other artifacts created in VaultSpeed.

To make that happen, the restriction on the number of users that can log in to VaultSpeed at the same time (concurrent users) has been removed. Instead, the “Automation Seat” has been introduced. Users assigned an automation seat can be assigned to any role or privilege.

Other users will have a default “view only” role, which only grants them read-only access to VaultSpeed.

The customer can entirely set up the assignment of seats.

Users who were already developing data transformations with VaultSpeed should be assigned to the automation seats. Viewer users are an excellent tool for business analysts, data stewards, data management or business report developers who want to better understand the data models and business rules built in VaultSpeed.

Role-based access control

Role-Based Access Control (RBAC) is a security mechanism that limits system access based on predefined user roles. This feature aims to improve security by allowing administrators to manage user permissions more efficiently.

With VaultSpeed’s implementation of RBAC, customers can create customized security setups for their data teams. Two types of predefined user roles can be distinguished.

Ready-to-use Strategic Roles

VaultSpeed offers a set of predefined roles that come with specific application and artifact permissions to cater to the everyday needs of various user groups within an organization. These roles are designed to include the following:

  1. Security Administrator: Responsible for managing user security and granting administration roles to other users and roles.
  2. Billing Administrator: Manages billing-related tasks and oversees the financial aspects of VaultSpeed usage.
  3. Development Supervisor: Oversees and directs development activities for entire projects within VaultSpeed.
  4. Source Development Supervisor: Oversees and directs development activities for data sources within VaultSpeed.
  5. Raw Data Vault Development Supervisor: Oversees and directs development activities for Raw Data Vaults within VaultSpeed.
  6. Business Data Vault Development Supervisor: Oversees and directs development activities for Business Data Vaults within VaultSpeed.
  7. DevOps Supervisor: Manages DevOps-related tasks and ensures the integration of VaultSpeed with the organization’s development pipeline.
  8. Viewer: Has limited read-only access to VaultSpeed data and resources.

Customizable Roles

VaultSpeed RBAC offers support for customized roles and permissions, allowing organizations to create unique roles that fit their specific needs.

This flexibility enables the creation of roles with distinct permission sets, which grants users access aligned with their job functions. For example, you can create a role named ‘System Parameter Configurator’, which has permissions to modify system settings, or you could create a development supervisor with access only to a particular project.

Full auditability

The last major improvement in this release is the addition of an action log. This log contains a detailed record of every event that occurs in VaultSpeed, including the time of each action, the user responsible, the artifact involved, the operation performed, and the API call request body.

The log can be filtered by any of these criteria, making it easy to trace back and identify a sequence of actions that led to an error. This information can then be used to prevent similar errors from occurring in the future.

Posted in DatenintegrationTags

About Author: Florian Grell

 Managing Director