Intro
Release 5.7 comprises three essential features for enterprise customers:
- Customers now have the capability to manage all users within their subscription.
- We have implemented security privileges to all actions that can be performed in VaultSpeed. In addition, we have added a layer of user roles, which can be utilized to establish your VaultSpeed SaaS environment with full segregation of duties.
- We have increased auditability by providing an action log that enables tracking of all activities performed and who performed them.
Simplifying user management
In the past, our customers had to manage their users exclusively through our support portal. While this method proved to be effective, it often led to delays and limited flexibility in user management.
Additionally, all users were granted equal privileges, leaving customers with no control over who could perform specific actions.
It was impossible to differentiate between a paid user and a free read-only user. This feature has been requested by many of our customers.
We are pleased to inform you that these issues have been resolved, as customers can now create, configure, and delete users independently.
Our updated user management system is almost entirely self-service, enabling customers to create new users, assign them to paid automation seats, and designate pre-defined user roles or specific privileges.
Moreover, users can be disabled, enabled, or deleted as needed. Password resets and access to the support portal can also be triggered.
Hello to users with read-only access
One of the major benefits of the new setup is that customers are able to onboard additional VaultSpeed users who only need read access to the data models or other artifacts created in VaultSpeed.
To make that happen, we have removed the restriction on the number of users that can log in to VaultSpeed at the same time (concurrent users). Instead, we have introduced the "Automation Seat". Users assigned an automation seat can be assigned to any role or privilege.
Other users will have a default "view only" role, which only grants them read-only access to VaultSpeed.
The customer can entirely set up the assignment of seats.
Users who were already developing data transformations with VaultSpeed should be assigned to the automation seats. Viewer users are an excellent tool for business analysts, data stewards, data management or business report developers who want to better understand the data models and business rules built in VaultSpeed.
Role-based access control
Role-Based Access Control (RBAC) is a security mechanism that limits system access based on predefined user roles. This feature aims to improve security by allowing administrators to manage user permissions more efficiently.
With VaultSpeed's implementation of RBAC, customers can create customized security setups for their data teams. Two types of predefined user roles can be distinguished.
Ready-to-use Strategic Roles
VaultSpeed offers a set of predefined roles that come with specific application and artifact permissions to cater to the everyday needs of various user groups within an organization. These roles are designed to include the following:
- Security Administrator: Responsible for managing user security and granting administration roles to other users and roles.
- Billing Administrator: Manages billing-related tasks and oversees the financial aspects of VaultSpeed usage.
- Development Supervisor: Oversees and directs development activities for entire projects within VaultSpeed.
- Source Development Supervisor: Oversees and directs development activities for data sources within VaultSpeed.
- Raw Data Vault Development Supervisor: Oversees and directs development activities for Raw Data Vaults within VaultSpeed.
- Business Data Vault Development Supervisor: Oversees and directs development activities for Business Data Vaults within VaultSpeed.
- DevOps Supervisor: Manages DevOps-related tasks and ensures the integration of VaultSpeed with the organization's development pipeline.
- Viewer: Has limited read-only access to VaultSpeed data and resources.
Customizable Roles
VaultSpeed RBAC offers support for customized roles and permissions, allowing organizations to create unique roles that fit their specific needs.
This flexibility enables the creation of roles with distinct permission sets, which grants users access aligned with their job functions. For example, you can create a role named 'System Parameter Configurator', which has permissions to modify system settings, or you could create a development supervisor with access only to a particular project.
Full auditability
The last major improvement in this release is the addition of an action log. This log contains a detailed record of every event that occurs in VaultSpeed, including the time of each action, the user responsible, the artifact involved, the operation performed, and the API call request body.
The log can be filtered by any of these criteria, making it easy to trace back and identify a sequence of actions that led to an error. This information can then be used to prevent similar errors from occurring in the future.