Skip to main content

User Permissions

How do Splashback permissions work?#

Permissions are managed using the Portal or API and are used for assigning access to users on the Splashback platform. This page is designed to give a comprehensive overview of the Splashback permission system, so you are confident sharing data using the Splashback platform both inside and outside you team.

Using the Portal#

The Portal is the most simple and intuitive way to manage permissions on Splashback. On the Dashboard, you are presented with a complete, interactive graphical representation of your Tenant(s), User(s) and Pool(s) as well as all permissions between them. To learn more about using the Dashboard, see the Portal Dashboard page.

Using the API#

You can use the Splashback User API to integrate your existing IaaS (Identity-as-a-Service) platform or other employee management system with Splashback. See the API docs for more.

Authorization levels#

Each permission has one of the following authorization levels.

LevelPermissions
None-
ViewerCan view data.
PublisherCan view and create data.
GovernorCan view, create and edit data.
Can view other users with access.
OwnerCan view, create and edit data.
Can view and modify user access.

Permission paths#

There are three permission paths available. Each permission path has an authorization level associated with it, and paths are chained using the "Principal of Least Privilege" (PoLP) to determine a users' authorization level. PoLP means that if a user has multiple permission paths to a Pool, then the least authorization level will be granted. For more on this, see the Tenant Permissions section.

PathDescription
User โ†’ PoolAssigns access to a Pool directly to a User.
User โ†’ TenantAssigns access to a Tenant directly to a User.
The User inherits any permissions the Tenant has to Pools, but uses the PoLP.
Tenant โ†’ PoolAssigns access to a Pool directly to a Tenant.
Users with permissions to the Tenant inherit this permission, but uses the PoLP.

Pool permissions#

These are the simplest form of permissions and use the User โ†’ Pool permission path.

Pool Owners can assign these permissions to other Users to grant them access to the Pool.

For example, your consultant uses Splashback to provide their service, and you already manage your data with Splashback. You can assign them Viewer permissions on the relevant Pool by creating a User โ†’ Pool permission with an authorization level of Viewer.

Tenant permissions#

Tenant permissions use the User โ†’ Tenant and Tenant โ†’ Pool paths, and allow for far greater flexibility in a team environment. These permissions are combined with any Pool permissions using the PoLP.

Tenant Governors and Viewers do not have any administrative privileges on the Tenant. User โ†’ Tenant permissions are combined with Tenant โ†’ Pool permissions and can be used for creating default User permissions in a Tenant.

For example, you may want all employees of your company or organization to have Governor permission on your two Pools by default. You can then create a Tenant โ†’ Pool permission with an authorization level of Governor to each of the two Pools, and then create a User โ†’ Tenant permission with an authorization level of Governor to each of your users. If you onboard a new employee who you determine isn't yet ready to have write access to your pool data, you can either update their User โ†’ Tenant permission with an authorization level of Viewer so they have Viewer access to all Pools, or create User โ†’ Pool permissions to specific pools with an authorization level of Viewer to grant them Viewer permissions on specific Pools using the PoLP. You can also hide a specific Pool from a User by updating their User โ†’ Pool permission with no authorization level (None).

Tenant Owners have the following administrative privileges on the Tenant:

  • Can create new Pools and Users. The Owner can provision new Splashback resources using the Portal or API.
  • Can view all Permissions assigned to Members. This allows the Owner to see exactly who has access to what data, both inside and outside the Tenant.
  • Can audit API keys. To read more about API keys, see the API docs here.
  • Can manage billing. To read more about billing management, see the Billing Management page here.