GuidesSecurity & Compliance

System Authorization

Tacnode implements a comprehensive security model where no direct access to user data is permitted without explicit authorization. This system ensures data privacy while enabling essential platform services and technical support when needed.

Security Architecture Overview

Zero Trust Data Access

Tacnode's security model is built on the principle that:

  • No Direct Access: Platform services cannot access user data without explicit permission
  • User-Controlled Authorization: All access requires user-initiated authorization
  • Auditable Operations: All authorized activities are logged and traceable
  • Time-Limited Access: Authorizations automatically expire after specified periods
  • Granular Control: Users can authorize specific services for specific purposes

Data Protection Guarantees

Privacy Assurance:

  • Platform administrators cannot view or access customer data
  • Technical support requires explicit user permission for any data access
  • All system operations use service-specific, limited-scope credentials
  • Data encryption ensures content remains protected even during authorized access

Compliance Framework:

  • Meets SOC 2 Type II requirements for access controls
  • Supports GDPR and other privacy regulation compliance
  • Maintains audit trails for all access and authorization events
  • Implements separation of duties between platform and data access

Service Authorization Types

Platform Services

SQL Activity Monitoring Service:

  • Purpose: Query performance analysis and optimization
  • Required Access: Read-only connection metadata and query statistics
  • Benefits: Usage analytics, resource planning insights, monitoring dashboards
  • Authorization Scope: Connection logs, performance metrics, query patterns

Backup Service Operations:

  • Purpose: Automated data protection and disaster recovery
  • Required Access: Database snapshots and backup storage management
  • Benefits: Automated backups, cross-region replication, retention management
  • Authorization Scope: Backup creation, verification, cleanup operations

Infrastructure Management:

  • Purpose: Platform maintenance and optimization
  • Required Access: System configuration and resource monitoring
  • Benefits: Auto-scaling, security updates, performance optimization
  • Authorization Scope: Nodegroup management, software updates, health monitoring

Data Integration Services

Data Sync Service:

  • Purpose: ETL operations and data pipeline management
  • Required Access: Source and target database connectivity
  • Benefits: Automated data movement, transformation, and synchronization
  • Authorization Scope: Schema discovery, data reading/writing, pipeline monitoring

Connection Services:

  • Purpose: Connectivity testing and configuration validation
  • Required Access: Network path testing and credential validation
  • Benefits: Ensures reliable data connections and integration health
  • Authorization Scope: Connection testing, network validation, schema access verification

Technical Support Services

Operator Access (operator@tacnode.app):

  • Purpose: Technical troubleshooting and issue resolution
  • Required Access: Temporary, scoped database access for diagnosis
  • Benefits: Expert support, rapid issue resolution, performance optimization
  • Authorization Scope: Query execution, log analysis, configuration review

Managing Service Authorization

Authorization Workflow

Step 1: Service Selection

  1. Navigate to Data Cloud → Security → Service Authorization
  2. Review available services requiring authorization
  3. Assess business need for each service
  4. Select appropriate services for your use case

Step 2: Permission Configuration

  1. Define Access Scope

    • Specify which databases and schemas services can access
    • Set operation limits (read-only vs. read-write)
    • Configure resource usage boundaries
    • Define data access restrictions

  2. Set Duration and Timing

    • Choose authorization duration (hours, days, permanent)
    • Configure automatic expiration settings
    • Set up renewal notification alerts
    • Define emergency revocation procedures

  3. Configure Monitoring

    • Enable service activity logging
    • Set up access notification alerts
    • Configure resource usage monitoring
    • Define audit trail requirements

Step 3: Activation and Monitoring

  1. Service Activation

    • Review and confirm authorization settings
    • Activate selected services with defined permissions
    • Verify service connectivity and functionality
    • Document authorization decisions and scope

  2. Ongoing Monitoring

    • Monitor service activity through audit logs
    • Track resource usage and performance impact
    • Review authorization scope periodically
    • Adjust permissions as requirements change

Support Authorization Workflow

Emergency Support Access:

  1. Request Initiation

    • Contact support with detailed issue description
    • Provide error messages, symptoms, and business impact
    • Specify affected systems and urgency level
    • Request specific support access requirements

  2. Authorization Configuration

    • Select resources requiring support access
    • Define access duration (typically 24-72 hours)
    • Choose monitoring and notification settings
    • Set up real-time activity tracking

  3. Active Support Session

    • Monitor support activities in real-time
    • Review SQL queries and operations performed
    • Communicate with support team throughout process
    • Document troubleshooting steps and findings

  4. Session Closure

    • Verify issue resolution and system stability
    • Review complete activity log and actions taken
    • Revoke support access or allow automatic expiration
    • Document lessons learned and preventive measures

This comprehensive system authorization framework ensures that your data remains secure while enabling the platform services and support capabilities necessary for optimal Tacnode operation.

Previous

IP Access Lists

Next

Row-Level Security

On this page