Get the playbook
Blog

Strengthening Data Governance with Data Access Controls and Custom Roles

September 19, 2024

Authored by TetraScience
Sr Product Manager
Sarib Haroon
Sr Product Manager

Imagine a pharmaceutical company handling confidential drug development data that should only be accessible to certain scientists in the company. Or consider an administrator trying to create a more tailored experience for an auditor who only needs to see configuration changes that might affect data integrity. To address such use cases, TetraScience has enhanced the platform's data governance capabilities with the introduction of two powerful features: Data Access Controls (launched in v4.0 of the Tetra Data Platform) and Custom Roles (introduced in v4.1). These functionalities help platform administrators in R&D and Manufacturing/QC IT to control who can access specific scientific data and platform functionalities. Together, they support a comprehensive strategy to tighten data security, ensure compliance, and streamline user management.

The Challenge: Data Sensitivity and Role Management

As organizations grow and data ecosystems expand, managing who can access what data becomes increasingly complex. Several challenges necessitate advanced solutions:

  1. Data Sensitivity: Organizations often handle highly sensitive data that should not be accessible to all users. For example, a biopharma company with multiple research sites needs to ensure that data generated at one location is accessible only to the teams authorized to work with it. 
  2. Inadequate Role Definitions: Standard roles are sometimes too broad or too narrow, failing to meet the specific needs of diverse user personas, such as developers, auditors, and data consumers. For example, a research lab may have auditors who only need to verify data integrity without editing it. Without a granular policy, access can be too permissive or too restrictive, impacting both security and productivity.
  3. Complexity in Managing Access: As teams and projects evolve, adjusting permissions and access rights can become burdensome, especially without a system for managing these changes. Tying this role and access management to single sign-on (SSO) simplifies the process and makes onboarding new users more scalable. 

The Solution: Advanced Access Controls and Custom Roles 

We understand the problems platform administrators face, and here’s how our solutions address them.

Access Controls

Access controls in the Tetra Data Platform (TDP) allow IT administrators to define and enforce data access policies at a granular level. This is achieved by creating access rules based on metadata (e.g., labels) and assigning these rules to specific access groups.

How it works:

  1. Create Access Groups: Administrators create specific access groups tailored to different user needs.
  2. Define Access Rules: Access rules are defined using metadata filters like site labels. These rules dictate which users can view or interact with specific datasets.
  3. Assign Users: Users are then assigned to these access groups, ensuring they can only access data that aligns with their role and responsibilities.

For example, an access rule could restrict a group of users to only view data tagged with "Project A," preventing them from accessing any other project data within the platform.​

Custom Roles

Custom roles give administrators the flexibility to create and assign roles that align precisely with the responsibilities and requirements of different user personas within the organization. This ensures that users have just the right level of access—no more, no less.

How it works:

  1. Create a Role: Administrators create a new role (e.g., "Auditor") by specifying its name and description.
  2. Assign Policies: The new role is then assigned to one or more of the nine available policies, which map to different functionalities within TDP. These policies allow view-only or full access per functionality, providing precise access control.
  3. Assign Users: Users are assigned to these roles, either directly or through SSO, making user management both secure and efficient.

For instance, an auditor role can be created to restrict access to only the audit trail section of the platform. 

The Value: Enhanced Security and Operational Efficiency

The introduction of access controls and custom roles brings substantial value to organizations using TDP, particularly in terms of data security and operational efficiency.

Access Controls – Example Use Case

Scenario: A large biopharma company has multiple research facilities; for example, one focused on drug discovery in Austin and another focused on molecular analysis in London. To comply with regulations and maintain data confidentiality, the company needs to ensure that data generated at each site is only accessible to teams working in that particular location. 

Value: By using TetraScience’s access controls, the company can create site-specific access groups. For instance, all data tagged with the label “Austin” can be restricted to users located in the Austin facility while users in London can only access data labeled “London.” This ensures that each site operates within its regulatory framework, safeguarding proprietary information and ensuring compliance. 

Custom Roles – Example Use Case

Scenario: A biotech company managing various roles—such as developers, auditors, and data scientists—needs to ensure that each team has access only to the platform functionalities relevant to their responsibilities. For example, the auditing team should only be able to review data logs and audit trails for regulatory compliance, while the pipeline development team requires full access to create, modify, and test data pipelines. 

Value: With custom roles, the organization can create specific roles such as "Auditor" with access only to audit trails, or "Pipeline Developer" with full access to the data but not the admin and audit trail sections. This ensures that each user interacts only with the parts of the platform they need, enhancing both security and efficiency. Moreover, the ease of managing these roles through SSO streamlines the onboarding and role adjustment processes, saving time and reducing administrative overhead​​.

Take Control of Your Scientific Data Today

As your organization grows and your data landscape becomes more complex, it's critical to have the right tools to manage access and roles efficiently. With TetraScience’s Access Controls and Custom Roles, you can now implement precise, secure, and flexible data governance strategies tailored to your organization's unique needs.

Start enhancing your data security and governance today by exploring these new functionalities within TDP. Visit our documentation for Custom Roles and Access Controls to get started, or contact our support team to schedule a personalized demo.

Empower your teams with the control they need, while ensuring your data remains secure and compliant.