Overview

Incorta is a modern data analytics platform that prioritizes data security to ensure the integrity, confidentiality, and accessibility of data. Its security features are designed to safeguard sensitive information, especially in environments where diverse teams access data for analysis. Below are the key components of Incorta Data Security:

1. Role-Based Access Control (RBAC)

• Users and groups are assigned specific roles with granular permissions.
• Access to dashboards, schemas, and data is limited based on user roles.
• Roles ensure that only authorized users can view, edit, or share sensitive data.

2. Row-Level Security

• Filters can be applied to restrict access to specific rows of data based on user attributes or roles.
• This ensures that users only see data relevant to their role or department, such as sales region or business unit.
• Check a sample usecase below on how to implement this.

3. Column-Level Security

• Sensitive columns, such as personally identifiable information (PII) or financial data, can be restricted.
• Permissions determine who can access specific columns within a dataset.

4. Data Encryption

• At Rest: Data stored within Incorta is encrypted to protect against unauthorized access.
• In Transit: Communication between the Incorta platform and its clients is secured using protocols like TLS/SSL.

5. Authentication and Single Sign-On (SSO)

• Supports integration with enterprise identity providers (e.g., Okta, Azure AD, LDAP).
• Enables SSO for seamless and secure user access.
• Multi-factor authentication (MFA) adds an extra layer of security.

6. Audit Logs

• Tracks user activity, such as data access, modifications, and sharing.
• Enables compliance with regulatory requirements and provides insights into unauthorized attempts.

7. Data Masking

• Sensitive data elements can be masked to prevent exposure of confidential information.
• This ensures compliance with privacy regulations like GDPR and CCPA.

8. Secure Data Connections

• Connects securely to various data sources, including databases, applications, and cloud platforms.
• Credentials and access tokens are stored securely to prevent unauthorized usage.

9. Data Sharing and Collaboration

• Fine-grained controls for sharing dashboards or data.
• Sharing options allow for read-only access or collaboration with editing privileges.

10. Compliance

• Incorta adheres to industry security standards, such as SOC 2, ISO 27001, and GDPR, ensuring the platform is secure and meets regulatory requirements.

Benefits of Incorta's Data Security

• Confidentiality: Protects sensitive data from unauthorized access.
• Integrity: Ensures that data is accurate and unaltered.
• Scalability: Security features are flexible and adapt to organizational needs as they grow.
• Ease of Use: Security settings are user-friendly, enabling administrators to manage permissions effectively.

This robust approach to data security makes Incorta a reliable platform for businesses handling critical and sensitive data.

Here is an sample use case of of how to implement data security based on a CRM Team data model

Team Data Model

• A person may belong to multiple teams and a team may have multiple people.
• A Team may belong to multiple Team Sets and
• Accounts are secured by Team sets

• Each Account record is owned by one team set. Only members of the teams belonging to the team sets can access that record. 

Requirements

1. Regular Security

• Secure the Accounts data by the Team Set security (model above).
• Secure the Activity data by user’s market, for example, US Education, EMEA  etc.

2. Exception Security

One or more Incorta users belong to certain groups that need to view all records. The groups can be:  ExecutiveGroup (who can see everything), DirectorGroup, etc.

Design

1. My List of Teams

We get the list of team set IDs for the user by populating an external session variable ($GetTeamSets) to get the list of TEAM Set IDs for the logged in user ($user).

SELECT tst.team_set_id

FROM team_memberships tm,users_vw u,team_sets_teams tst

WHERE u.employee_id_c = $user

AND tm.user_id = u.id

and tst.team_id = tm.TEAM_ID

2. My Market

Get the Market by populating an internal session variable ($V_UserMarket)  by using the following expression:

query(<schema>.USERS_VW.market,<schema>.USERS_VW.LOGINNAME=$user)

3. Exception Users

Create a simple table called SeeAllDepartments (loginname,access_flag) to store users who can see all departments. You can use an excel file or a database table.

Refresh the table when you add new uses to these exception groups.

Populate another internal session variable ($CheckUserInList) to check if the current user exists in the above table. Use Y or N for session variables by using the following expression:

query(lookup(<schema>.SeeAllDepartments.ACCESS_FLAG, (<schema>.SeeAllDepartments.LOGINNAME, $user))

4. Security Filter

Add a security filter to the schema table you want to secure based on the following variables:

1. Secure <schema>.ACCOUNTS table using the following runtime security filter in the schema: or($user=’admin’,$CheckUserInList='Y',inlist(<schema>.ACCOUNTS.TEAM_SET_ID,$GetTeamSets))
2. Secure <schema>.ACTIVITIES table using the following runtime security filter in the schema table: or($user=’admin’,$CheckUserInList='Y',<schema>.USER_CREATED.market =$V_UserMarket)

This condition turns all records true if the user is an administrator or member of the exception groups. For other users, the condition adds an implicit condition to any query on table, so users only see records for their own teams or market.

Note

Session variables are populated at login time from Incorta data, so security filters are as of the last refresh in Incorta.