Access Control
Users with Owner or Admin roles within a Rollstack organization can add and configure data sources. This centralized control mechanism ensures that data configuration aligns with organizational policies and access privileges.
Our platform rigorously follows the data separation rules and Role-Based Access Control (RBAC) systems established in the original Data Source. This approach guarantees that data handling and access permissions are consistent with your existing security protocols.
- Shared vs. User-Specific Fields: Depending on the nature of your Data Source, credentials may include shared fields (such as instance URLs or common secrets) accessible to all relevant users within your organization.
- Protection of User-Specific Fields: To prevent unauthorized access or accidental credential overrides, only organization admins are permitted to modify user-specific fields. This safeguard is critical for preventing potential data security breaches.
Metabase does not yet support any authentication method other than username and password.
However, they have announced support for API keys in their upcoming release, v49.
For optimal security and accessibility, we recommend that the same individual hold admin roles in both the original Data Source and Rollstack. This ensures:
- Credential Access: Admins can readily access and update relevant credentials within both systems as needed.
- Security Integrity: The adherence to data security rules is seamlessly maintained, eliminating the risk of breaches through Rollstack.
By implementing these guidelines, Rollstack facilitates a secure, controlled environment for managing Data Sources, ensuring that your data is handled with the highest standards of security and efficiency.
All credentials and sensitive data are encrypted using Advanced Encryption Standard (AES).
Encryption keys are stored in a separate vault with our cloud provider, Amazon Web Services (AWS), and no authorised personnel can access these encryption keys.
Only specific internal scripts can encrypt or decrypt these credentials.
Encryption keys are rotated every three months.
Rollstack holds a SOC 2 Type II certification.
Enterprise customers can request access to our trust report.