Security & Compliance
Tacnode provides enterprise-grade security features to protect your data warehouse infrastructure and ensure compliance with industry standards. This guide covers all aspects of securing your Tacnode environment, from network-level protection to fine-grained data access controls.
Network Security
Private Network Connectivity
Secure your data transmission with private network connections that bypass the public internet entirely.
Private Link: Connect your VPC directly to Tacnode nodegroups using private network links, ensuring all traffic remains within your controlled network infrastructure.
IP Access Lists: When public network access is required, use IP allowlists to restrict database connections to specific, authorized IP addresses and ranges.
User and Access Management
Global User Management
Centralized user administration across your entire Tacnode platform with role-based access controls.
Data Cloud Roles: Manage platform-level permissions with built-in roles for administration, operations, and viewing access.
Cross-Database Access: Global users can access multiple databases with consistent authentication and centralized permission management.
Database-Level Security
Privilege Management: Implement PostgreSQL-compatible user and role systems with support for both global and local users.
System Authorization: Control platform service access with granular authorization for backup operations, monitoring, and technical support.
Data Protection
Fine-Grained Access Controls
Implement precise data access restrictions at multiple levels to protect sensitive information.
Row-Level Security: Control access to individual table rows based on user identity, tenant separation, or custom business logic.
Column-Level Security: Restrict access to specific table columns, allowing users to see only the data they're authorized to access.
Security Best Practices
Defense in Depth
- Network Isolation: Use private links and VPC connectivity whenever possible
- Access Controls: Implement least-privilege access with role-based permissions
- Monitoring: Enable audit logging and activity monitoring for all database operations
- Regular Reviews: Conduct periodic access reviews and permission audits
Compliance Considerations
- Data Sovereignty: Control data location and movement with region-specific deployments
- Audit Trails: Maintain comprehensive logs of all user activities and system changes
- Encryption: Data is encrypted in transit and at rest using industry-standard protocols
- Access Documentation: Document all user roles, permissions, and access patterns
Quick Start Security Checklist
For new Tacnode deployments, follow this security setup checklist:
- Configure Network Security
  - Set up Private Link connections for production environments
  - Define IP access lists for any public network access
  - Review and approve all network connectivity requirements
- Establish User Management
  - Create global users for cross-database access
  - Set up role-based access control structure
  - Implement simple permission models for common use cases
- Enable Data Protection
  - Configure row-level security for multi-tenant scenarios
  - Set up column-level restrictions for sensitive data
  - Test access controls with non-privileged users
- Implement Monitoring
  - Enable system authorization for platform services
  - Set up audit logging for compliance requirements
  - Configure alerts for unusual access patterns
- Document and Review
  - Document all security configurations and procedures
  - Schedule regular security reviews and access audits
  - Train team members on security best practices
This comprehensive security framework ensures your Tacnode data warehouse meets enterprise security requirements while maintaining operational efficiency.
Private Link
Secure your Tacnode connections with Private Link technology, enabling private network access without exposing data to the public internet.
Global User Management
Comprehensive guide to managing global users and platform-level permissions in Tacnode's Data Cloud environment.
Privilege Management System
Comprehensive guide to Tacnode's privilege management system, including user management, role-based access control, and practical implementation strategies for enterprise security.
IP Access Lists
Configure IP-based access restrictions to secure your Tacnode databases and control which networks can connect to your nodegroups.
System Authorization
Control platform service access with granular authorization for backup operations, monitoring, and technical support in Tacnode.
Row-Level Security
Implement fine-grained data access control with row-level security policies to restrict which table rows users can view or modify.
Column-Level Security
Implement fine-grained column-level access controls to protect sensitive data fields and restrict user access to specific table columns.