Security & Compliance

Tacnode provides enterprise-grade security features to protect your data warehouse infrastructure and ensure compliance with industry standards. This guide covers all aspects of securing your Tacnode environment, from network-level protection to fine-grained data access controls.

Network Security

Private Network Connectivity

Secure your data transmission with private network connections that bypass the public internet entirely.

Private Link: Connect your VPC directly to Tacnode nodegroups using private network links, ensuring all traffic remains within your controlled network infrastructure.

IP Access Lists: When public network access is required, use IP allowlists to restrict database connections to specific, authorized IP addresses and ranges.

User and Access Management

Global User Management

Centralized user administration across your entire Tacnode platform with role-based access controls.

Data Cloud Roles: Manage platform-level permissions with built-in roles for administration, operations, and viewing access.

Cross-Database Access: Global users can access multiple databases with consistent authentication and centralized permission management.

Database-Level Security

Privilege Management: Implement PostgreSQL-compatible user and role systems with support for both global and local users.

System Authorization: Control platform service access with granular authorization for backup operations, monitoring, and technical support.

Data Protection

Fine-Grained Access Controls

Implement precise data access restrictions at multiple levels to protect sensitive information.

Row-Level Security: Control access to individual table rows based on user identity, tenant separation, or custom business logic.

Column-Level Security: Restrict access to specific table columns, allowing users to see only the data they're authorized to access.

Security Best Practices

Defense in Depth

  • Network Isolation: Use private links and VPC connectivity whenever possible
  • Access Controls: Implement least-privilege access with role-based permissions
  • Monitoring: Enable audit logging and activity monitoring for all database operations
  • Regular Reviews: Conduct periodic access reviews and permission audits

Compliance Considerations

  • Data Sovereignty: Control data location and movement with region-specific deployments
  • Audit Trails: Maintain comprehensive logs of all user activities and system changes
  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols
  • Access Documentation: Document all user roles, permissions, and access patterns

Quick Start Security Checklist

For new Tacnode deployments, follow this security setup checklist:

  1. Configure Network Security

    • Set up Private Link connections for production environments
    • Define IP access lists for any public network access
    • Review and approve all network connectivity requirements
  2. Establish User Management

    • Create global users for cross-database access
    • Set up role-based access control structure
    • Implement simple permission models for common use cases
  3. Enable Data Protection

    • Configure row-level security for multi-tenant scenarios
    • Set up column-level restrictions for sensitive data
    • Test access controls with non-privileged users
  4. Implement Monitoring

    • Enable system authorization for platform services
    • Set up audit logging for compliance requirements
    • Configure alerts for unusual access patterns
  5. Document and Review

    • Document all security configurations and procedures
    • Schedule regular security reviews and access audits
    • Train team members on security best practices
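
Step 3 of the checklist, sketched as an added example that is not Tacnode's own code: it uses standard PostgreSQL syntax, and that Tacnode accepts these statements unchanged is an assumption to confirm against its row-level and column-level security guides. The table, role, policy and setting names (orders, app_reader, tenant_isolation, app.tenant_id) and the sample rows are constructed.

```sql
-- Constructed multi-tenant table; card_last4 stands in for a sensitive column.
CREATE TABLE orders (
    order_id   bigint PRIMARY KEY,
    tenant_id  text NOT NULL,
    amount     numeric(12,2) NOT NULL,
    card_last4 text
);

INSERT INTO orders VALUES
    (1, 'tenant_a', 10.00, '1111'),
    (2, 'tenant_a', 25.50, '2222'),
    (3, 'tenant_b', 99.99, '3333');

-- Hypothetical non-privileged role used by the application.
CREATE ROLE app_reader NOLOGIN;

-- Column-level restriction: grant SELECT on the non-sensitive columns only.
GRANT SELECT (order_id, tenant_id, amount) ON orders TO app_reader;

-- Row-level security: a row is visible only when its tenant_id matches the
-- tenant bound to the session. With missing_ok = true an unset setting
-- yields NULL, the predicate is never true, and the policy fails closed.
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON orders
    FOR SELECT TO app_reader
    USING (tenant_id = current_setting('app.tenant_id', true));

-- Test as the non-privileged role. In PostgreSQL, table owners and
-- superusers bypass row-level security, so checks run as an admin prove nothing.
BEGIN;
SET LOCAL ROLE app_reader;

-- Check 1: no tenant bound to the session; confirm that no rows are visible.
SELECT order_id, amount FROM orders;

-- Check 2: bind tenant_a; confirm that no tenant_b row appears.
SET LOCAL app.tenant_id = 'tenant_a';
SELECT order_id, tenant_id, amount FROM orders;

-- Check 3: the sensitive column was never granted; confirm that this
-- statement is rejected with a permission error (it also aborts the
-- transaction, so it runs last).
SELECT card_last4 FROM orders;
ROLLBACK;
```

The tenant binding is only as trustworthy as the code that sets app.tenant_id: set it in the connection layer, and do not let end users run arbitrary SQL as app_reader.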

This comprehensive security framework ensures your Tacnode data warehouse meets enterprise security requirements while maintaining operational efficiency.
