On top of showing who has access to what, Raito also enriches these insights with data usage information. This allows you to monitor who has (not) been using the data they have access to and take the necessary actions immediately.
These insights are provided on multiple places within Raito Cloud, as they all cover a different angle:
- Dashboard: provides an aggregated overview of usage, both based on data objects, access controls, as users.
- Insights: provides an overview of users, data objects and access controls.
- Data objects: all usage of a single data object is grouped on the
Insightstab of the data object
- Users: all usage from a given user is grouped on the
Insightstab of the user
- Access Controls: all usage from a given access control is grouped on the
Insightstab of the access control
ℹ️ To view access and usage insights, you need the necessary permissions. See User Management for more information on which roles can see what in Raito.
- Used.- Something is used when at least one permission on one of the data objects is used within the given time period
- Access - percentage of data that can be accessed
Note: even though this term has multiple meanings, it will be clear from the context when it is access or short for percentage of access.
- Usage - percentage of access which is actually used
- Access risk - also referred to as risk: Percentage of data that can be accessed through a read or write permission, but which has not been used
- Exposure - percentage of users that can access an access control or data
- Exposure risk - Percentage of users that can access data, but which have not used it
- Utility - The percentage of users that have access to data and use it
- Active users - percentage of exposed users that have actually used their access
Most insights provided by Raito cloud, combine data access and data usage. The overview of existing access can be found on Access Insights.
Usage insights on the dashboard are visible for everyone except for users. The time-period for which all insights are calculated, can be set from the dashboard, yet can differ for every data source, depending on the timeframe for which insights are available.
The overview contains multiple maturity score indices, namely:
- Active users: A user is someone who is present in the who-list of at least one active access control. An active user is a user who has accessed at least one data object in the selected time-period.
- Used data: A data object is used, when it is at least one time accessed by a user in the selected time-period.
- Used access controls: An access control is used, when at least one of its permissions for a data object in its what-list is used by at least one of the users mentioned in the who-list.
The Maturity score is the average of the above three scores.
The dashboard contains a widget called
Accounts Distribution . This widget shows the number of users with accounts in 1 data source as well as the number of users with accounts in multiple data sources.
Next to this widget, we have the widget
User Distribution . This widget shows the number of users with access and the number of users without access.
The access control page contains the access risk map and the exposure risk map. The access risk map provides insights in how many data objects are accessible through an access control and how many of them are actually being used, whereas the exposure riks map provides insights in how many users obtain access via an access control and how many actually use this access.
Next to this, there is a full list of all access controls where you can see the access and usage of this access control, the exposure and active users of this access control as well as the deducted values of risk and utility.
The user page contains the access risk map and a query distribution map. The access risk map provides insights in how many data objects are accessible by the user and how many of them are actually being used. The query distribution map shows how many users have run how many queries.
Next to this, there is a full list of all users where you can see the access and usage of this user, his number of queries and his risk.
The data object page contains the exposure risk map and a query distribution map. The exposure risk map provides insights in how many users have access to data and how many of them have actually used it. The query distribution map shows how many data objects have been subject of how many read queries.
Next to this, there is a full list of all data objects where you can see the exposure and active users for this data object, the number of queries it has been subject to and the utility.
The access control insights tab shows the risk score and the utility score next to a usage table, which shows the number of queries per beneficiary as well as his last usage. It contains a short-cut to remove a user from an access control based on these insights.
The user insights tab shows the risk score next to an access control usage widget and a data usage widget. Both contain the number of queries, the last usage and allow you to view the lineage. The access control widget contains a short-cut to remove a user from an access control based on these insights.
The data object insights tab shows the utility score next to a usage table, which shows the number of queries per beneficiary as well as his last usage and it allows you to view the lineage.