Configuring Data Permissions

Data Permissioning and Isolation

Akkio offers a flexible approach to data access. Data can either be shared at a global (agency-wide) level or isolated per client. This approach respects any data-warehouse-level permissions you might have (e.g., in Snowflake or other databases).

Global Agency Data

• Description: Datasets configured to be accessible to the entire agency.

• Access: Any user within the agency (with roles Team Member, Approver, Distributor, or Admin) can see and use these datasets, provided they have at least a Team Member role or higher.

• Use Cases: Common reference data or cross-client data that the agency wants to share broadly.

Client-Specific Data (Data Isolation)

• Description: Datasets that are isolated to a specific client’s team.

• Access: Only users who are members of that client’s team can see and use these datasets. This allows for strict data isolation, protecting sensitive or proprietary data.

• Inherited Permissions: Akkio enforces any underlying database permissions. If Snowflake or another data warehouse is configured to only allow specific users or roles to see certain tables, Akkio respects that setting.

Best Practices

Least Privilege Principle

Assign the lowest role necessary for a user to perform their job. For instance, if a user only needs to create projects, make them a Team Member rather than a Team Admin.

Client Isolation

• If a client’s data must remain private, ensure only client-specific users and relevant agency team members (who need access) are assigned to that client’s team.

Regularly Audit Roles

• Periodically review users’ roles and client memberships to ensure they still reflect current responsibilities.