Overview

It is common for organizations to host data of various security profiles. Some data may be publicly available to anyone on the internet, some data may require individuals to assert their identity or fill out paperwork, and some data may only be available to a handful of individuals who are prevented from ever exporting or downloading the data.

Redivis makes it easy for organization administrators to define, manage, and audit access rules across these various use cases.

Defining access

All interactions with data on Redivis require the user to have the appropriate access level to the data for a given action. There are five data access levels on Redivis: "none", "overview", "metadata", "data", and "edit". You can read more about the different access levels and their implications in the dataset access documentation.

The rules for accessing a given dataset are defined by the permission group that the dataset belongs to. In order for a user to achieve a given level of access to a dataset, they must first complete all requirements defined on the corresponding permission group for that level of access.

Even once an individual has full data access, it is possible to define various usage and export restrictions to modulate and/or prevent how data is used and whether it can move to systems out side of Redivis.

User roles

When a user is interacting with an organization or its content, they do so as one of three roles:

Unauthenticated

An unauthenticated user is any user that is either 1) not logged in to Redivis; or 2) not a member of the organization. Unauthenticated users cannot fulfill requirements in order to gain access to data, though they can view any public data content.

For example, if there is a permission group with no requirements for "Overview" access, and one requirement for "Metadata" access, then anyone on the internet will be able to view basic overview information about the dataset, but not its variables or their summary statistics.

Member

Any user can apply to become a member of a particular organization. This membership will provide the organization with basic identity information (name, username, authentication credentials - e.g. user@domain.edu) as well as any supplementary information you choose to collect through the membership form.

A member doesn't inherently have any additional access rights compared to an unauthenticated user, though they can gain access to data by submitting requirements for approval.

Administrator

Administrators have full rights to modify and manage an organization. They can create and edit content, approve members and their requirements, and add / remove other administrators. They can also navigate to the organization's admin panel.

Administrators have edit access to all datasets within the organization, regardless of whether they have completed the requirements normally required to gain access to that dataset.