magicseth
magicsethā€¢13mo ago

Managing dashboard permissions

We are storing sensitive information in our db. I'd like to restrict the number of developers who have access to sensitive tables through the dashboard. And I'd also like to add auditing when a developer does use the dashboard. Is that possible with any tricks today?
7 Replies
ian
ianā€¢13mo ago
One approach users working with contractors have taken is they have a separate team for prod that only they are on. Deploy keys for prod are on the build server. Non-ideal but until we have granular permissions this is what Iā€™d do Each developer can use their personal team or a second shared team with all to benefit from shared env defaults and consolidated per-user billing
magicseth
magicsethOPā€¢13mo ago
is it possible to disable the dashboard completely? (Thanks šŸ™‚ )
ian
ianā€¢13mo ago
Out of curiosity, if you disable the dashboard, what does them being on the same team do for you?
magicseth
magicsethOPā€¢13mo ago
We have a goal of having all data access being auditable. That means that we'd want every access to the production database to go through our queries so we could log them.
ian
ianā€¢13mo ago
Gotcha. So you do want to provide access to prod data, but you want it to be audit logged - and limited for some users. That all makes sense. Until we have fine-grained permissions, I bet the most robust solution would be to have a streaming export to a table that you build a dedicated ReTool UI for. They have all the permissions, auditing, and you can limit fine-grained things like tables, fields, etc. with a UI builder. I used it about a year and a half ago and was very surprised how well it worked. You could also have it hit a custom HTTP API for functions you expose, but my guess is it'd be easier to export to a trusted DB - from which you could also do other analytics workloads. How far off is that from what you're looking for?
magicseth
magicsethOPā€¢13mo ago
That makes sense. At the end of the day, I don't want people to have to trust me, or whoever owns the convex deployment, but that can wait a bit šŸ™‚
ian
ianā€¢13mo ago
Ah, right. Audit log for your actions too. Good call - once we get better audit logging this will be more airtight. Thanks for your patience.

Did you find this page helpful?