For restricted data, it is often important that authenticated users cannot download or otherwise make copies of a dataset or its derivatives. To handle this use case, Redivis implements the concept of export restrictions.
Export restrictions are defined on a permission group, meaning that all datasets that belong to the permission group will inherit the corresponding export restrictions.
Prevents all exports over a certain size threshold, measured in bytes.
Prevents all exports over a certain number of records.
Provides a whitelist of IP addresses and/or subnets (comma separated) to which a user can export data.
In certain circumstances, administrators may want to approve an export that exceeds one or more export restriction. For example, if a user has special authorization to export data derivatives to another environment, or to handle the case where administrators want to review every export individually.
Users will need to request exceptions on any table that they'd like to export, and administrators can accept or reject theses exception requests.
An exception request applies to one table only, and will remain approved as long as the original variables referenced by that table remain unchanged and the number of records and bytes in the table do not exceed more than twice what they were when the export request was approved. This is done to allow users to slightly modify their upstream code without needing to request a new exception, as long as those code modifications do not leak materially different data than was previously approved.