Usage restrictions

Overview

For high-risk data, it is often important that full data are never downloaded to a non-sandbox environment. To handle this use case, Redivis implements the concept of usage restrictions. Usage restrictions define what actions a research can take with a dataset once they have data access.

Usage restrictions can be applied to any organization-owned dataset, either as part of the dataset's access configuration or on a permission group. These restrictions are visible to any user applying for access, and will also be shown in the table export interface.

If a table is derived from multiple datasets, the export restrictions on that table will represent the intersection of the most constrained restrictions from each dataset.

Dataset can be governed by usage restrictions

Restriction types

All export restrictions apply to interactions through the web UI as well as through API calls. They can be configured as to whether they allow researchers to request exceptions.

Restrictions apply to all users of a dataset, including administrators of the dataset's organization.

Download size (GB)

Users may not download tables derived from the dataset that are over this threshold, unless granted an exception for that table.

Download size (rows)

Users may not download tables derived from the dataset that are over this threshold, unless granted an exception for that table.

Download location

Users may only download tables derived from this dataset to the particular location, unless granted an exception for that table.

The download location is specified by an IP address or subnet. You can define locations used by your organization in the organization's settings.

Download approval

Users must first get administrator approval before they can download any table derived from this dataset.

Configuring restrictions

Restrictions are only available to organization-owned datasets. Restrictions can be added to a dataset through the access configuration interface, or standardized across datasets through a permission group.

Configure restrictions in the dataset access configuration or on a permission group

Requesting exceptions

Some restrictions will disallow any exceptions, while others might allow exceptions on a case-by-case basis.

If the particular restriction does allow exceptions, and you feel that your use case merits it, you may request an exception by clicking the Apply for exception button. Exceptions apply only to individual tables — you cannot request blanket exceptions to a dataset.

This workflow is similar to requesting requirement approval, and an administrator will be alerted to your request, where they can either approve or reject the exception.

Request export exceptions when available

Approving exceptions

When a member of an organization submits an export exception request, it will show up as an alert for that member, directing you to the Restriction exceptions tab. If you open the exception request, you will see details about the table that is being requested, alongside the ability to view that table in the context of the researchers' project. The request can be approved or rejected much the same way as requirements.

Approve exception requests on the administrator panel