Best Practices

InVault has three main ways to restrict access: at the data level, at the dashboard level, and at the filter level. These can all be used simultaneously, but it is recommended that users utilize only one of these approaches for each user role. Multiple user roles should then be created if multiple approaches to data restriction are used.

If a user is in two or more user roles that have an overlap in their restrictions, then the resulting access a user has is determined by the following set of rules:

• Data: overlapping data access controls result in a combination or union of the different access controls.
• Dashboards: overlapping dashboard access controls result in a combination or union of the different data access controls.
• Filters: overlapping data filter controls result in a intersection of the different data filter controls.

Additionally, a user can be given access to a dashboard even if the user does not have the rights to access all the data present in the dashboard, but the data that a user does not have the rights to access will not load. This can result in dashboards only loading partially if the user does not have the rights to access all of the data. The benefit of that is that multiple dashboards do not necessarily need to be made for multiple users that have varying levels of data access rights; instead, the users will only see what they are allowed to see in one dashboard.