Managing data access starts with observing existing access to data. Raito Cloud displays the existing access from day 1 and continues to do so. These insights are provided in multiple places within Raito Cloud, as they all cover a different angle:
- Data objects: all access to a single data object is grouped on the
Accesstab of a data object
- Users: all access for a given user is grouped on the
Accesstab of a user
- Dashboard: the dashboard provides an aggregated overview of access, both based on data objects and users.
ℹ️ To view observability insights, you need the necessary permissions. See Raito user management for more information on which roles can see what in Raito.
Most insights provided by Raito Cloud, combine data access and data usage. As such they will be discussed on Usage observability.
Within this section, only the observability widgets limited to data access are covered.
The dashboard contains a widget called
Access Coverage. This widget offers a matrix, where you can see per user the percentage of access to a data source. For databases, this percentage is calculated based on the percentage of tables you can access.
Next to this, a total aggregation is shown. This widget provides you with great insights into the blast-radius in case of a credential breach.
Every user known in the system has a dedicated page. It contains an
Access and a
Usage tab for an individual user. These tabs will only be visible if you have the necessary permissions.
Access tab you find an overview of all data objects the user can access and via which access provider(s). Note that Raito expands access provider inheritance and groups to show this list. This tab also provides the permissions and validity period per data object.
Usage tab, you find a bar chart called
Access Coverage which contains the same information of the
Access Coverage widget on the dashboard, yet limited to the user.
Data object page
A data object page is a dedicated page per data object and contains an
Access and a
Usage tab. These tabs will only be visible if you have the necessary permissions.
Access tab you find an overview of all users that can access the data object and via which access provider. Note that Raito expands access provider inheritance and groups to show this list. This tab also provides the permissions and validity period per user.