Export restrictions

For restricted data, it is often important that authenticated users cannot download or otherwise make copies of a dataset or its derivatives. To handle this use case, Redivis implements the concept of export restrictions.

Export restrictions are defined on a permission group, meaning that all datasets that belong to the permission group will inherit the corresponding export restrictions.

If a table is derived from datasets that belong to different permission groups, the export restrictions on that table are the intersection of those groups' restrictions: for each restriction type, the most constrained value across all of the contributing datasets applies.

Export restriction types

Size

Prevents all exports over a certain size threshold, measured in bytes.

Record count

Prevents all exports over a certain number of records.

IP Address

Provides a whitelist of IP addresses and/or subnets (comma separated) to which a user can export data.

To prevent all data exports, set the record count restriction to "0".

When used in conjunction with export exceptions (see below), this provides a mechanism by which administrators can review and approve all exports before they happen.

Export exceptions

In certain circumstances, administrators may want to approve an export that exceeds one or more export restrictions: for example, when a user has special authorization to export data derivatives to another environment, or when administrators want to review every export individually.

Users will need to request an exception on any table that they'd like to export, and administrators can accept or reject these exception requests.

An exception request applies to one table only, and remains approved as long as the original variables referenced by that table remain unchanged and the number of records and bytes in the table do not exceed twice what they were when the exception was approved. This allows users to slightly modify their upstream code without needing to request a new exception, as long as those code modifications do not leak materially different data than was previously approved.
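The following Python model makes two of the rules above concrete: the intersection of restrictions when a table draws on several permission groups (size and record count take the tightest limit; an IP must be covered by every group's whitelist), and the validity test for an approved exception (same variables, records and bytes at most twice their approved values). It is an added illustration written for this page, not Redivis's implementation or API; the group names, thresholds, IP ranges and table/variable names are constructed.

```python
# Added illustration of export restrictions and exceptions; not Redivis code.
# All permission-group names, limits, IPs and variable names below are made up.
from dataclasses import dataclass, field
import ipaddress
from typing import Optional


@dataclass
class GroupRestrictions:
    """Export restrictions as defined on one permission group.
    None means the group does not set that restriction."""
    name: str
    max_bytes: Optional[int] = None
    max_records: Optional[int] = None
    ip_whitelist: Optional[str] = None  # comma-separated addresses and/or subnets

    def ip_networks(self):
        if self.ip_whitelist is None:
            return None
        return [ipaddress.ip_network(s.strip(), strict=False)
                for s in self.ip_whitelist.split(",") if s.strip()]


@dataclass
class EffectiveRestrictions:
    """Restrictions inherited by a table derived from several permission groups."""
    max_bytes: Optional[int] = None
    max_records: Optional[int] = None
    ip_whitelists: list = field(default_factory=list)  # one list per group that sets one

    def ip_allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        # Intersection: the address must be covered by every group's whitelist.
        return all(any(addr in net for net in wl) for wl in self.ip_whitelists)


def _tighter(a, b):
    """Most constrained of two optional numeric limits."""
    if a is None:
        return b
    if b is None:
        return a
    return min(a, b)


def effective_restrictions(groups):
    eff = EffectiveRestrictions()
    for g in groups:
        eff.max_bytes = _tighter(eff.max_bytes, g.max_bytes)
        eff.max_records = _tighter(eff.max_records, g.max_records)
        nets = g.ip_networks()
        if nets is not None:
            eff.ip_whitelists.append(nets)
    return eff


def check_export(eff, table_bytes, table_records, client_ip):
    """Return the restrictions the export would violate (empty list = allowed)."""
    violations = []
    if eff.max_bytes is not None and table_bytes > eff.max_bytes:
        violations.append("size")
    if eff.max_records is not None and table_records > eff.max_records:
        violations.append("record count")
    if not eff.ip_allowed(client_ip):
        violations.append("ip address")
    return violations


@dataclass(frozen=True)
class ApprovedException:
    """Snapshot of the table at the moment an exception request was approved."""
    table: str
    variables: frozenset
    records: int
    nbytes: int


def exception_still_valid(exc, table, variables, records, nbytes):
    """An approved exception holds while the referenced variables are unchanged
    and records and bytes are at most twice their values at approval."""
    return (exc.table == table
            and frozenset(variables) == exc.variables
            and records <= 2 * exc.records
            and nbytes <= 2 * exc.nbytes)


def may_export(eff, table, variables, nbytes, records, client_ip, exception=None):
    """Export goes through if it satisfies every restriction, or if a still-valid
    approved exception covers this table."""
    if not check_export(eff, nbytes, records, client_ip):
        return True
    return exception is not None and exception_still_valid(
        exception, table, variables, records, nbytes)


# Constructed sample groups (made up for this illustration).
SAMPLE_GROUPS = [
    GroupRestrictions("restricted-health", max_bytes=10_000_000,
                      ip_whitelist="10.0.0.0/8, 192.168.1.0/24"),
    GroupRestrictions("partner-data", max_records=100_000,
                      ip_whitelist="10.1.0.0/16"),
]
# Record count "0" blocks every export, so each one must go through an exception.
LOCKED_GROUP = GroupRestrictions("review-everything", max_records=0)
```

With `SAMPLE_GROUPS`, a table built from both datasets inherits a 10,000,000-byte limit, a 100,000-record limit, and an IP must fall inside both `10.0.0.0/8` and `10.1.0.0/16`; `LOCKED_GROUP` rejects any non-empty export until an administrator approves an exception.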