Manage Data Source Permissions
Data sources are what power your Tonkean solutions, allowing you to connect to numerous applications, and ingest and leverage the data from those applications. Because this access to data has substantial security implications, it's important to be intentional about who you allow to connect data sources to your board. Generally speaking, the more control you have over which users can connect and access particular data sources, the more secure your board.
In Board Settings, you can define who can connect which data sources, including creating specific permissions rules for a given data source and even restricting connections to your preferred account.
We recommend setting data source-specific permissions rules for specified users or groups of users:
Add a Permissions Rule
To establish a rule for a particular type of data source, you can add a permissions rule. Permissions rules allow you to define who can connect a given data source type and even limit system users' access to a specific account for that data source. For example, you might want makers to exclusively use your organization's service account for Google Drive; with a permissions rule, you can ensure this service account is the only available option for Google Drive.
To add a permissions rule, follow the steps below:
Select your profile icon in the upper right, then select Board Settings. The Board Settings screen displays.
In the sidenav, select Connections Permissions. The Connections Permissions screen displays.
Select + Add Rule. The Select Data Source Type window displays.
Select the Data source type dropdown and search for or choose the data source you want to create a rule for.
When finished, select Save. The Select Data Source Type window closes and the {data source type} | Accessibility screen displays.
Set Accessibility Rules
With the permissions rule created, you can specify who can connect the data source to your board.
Select one of the three available options:
All Users (default) - All system users can connect this data source to your board.
Specific users/groups - Specify which users or business groups can connect this data source to your board. Use the field provided to browse or search for specific users or business groups.
No one except board admins - Only defined board admins can connect this data source to your board.
When finished configuring your accessibility options, select Save Changes in the upper right.
Add a Predefined Connection
Predefined connections enable you to specify a particular connection (that is, a specific account) for the data source. For example, if your team uses a Google service account, you can configure the permissions rule to allow only connections using that account.
If you want to restrict available data source connections to only predefined connections, select the Only allow predefined connections checkbox:
To add a predefined connection, follow the steps below:
In the Settings sidenav, select Connections. The Connections screen displays.
Select + Add Predefined Connection. The New Predefined Connection window displays.
Enter a Connection display name and, if desired, a Description for the connection.
Select who the predefined connection is available to: either the same users and groups defined on the Accessibility screen or users and groups you specify for the predefined connection itself.
If you choose Only specific groups/users, use the field provided to browse or search for specific users or business groups:
When finished, select Create a new connection. The Set Up Connection window displays.
Set up the data source connection using your preferred account or authentication method, including any integration permissions that are specific to the application.
The authentication options vary from application to application.
When finished authenticating, select Create.
The newly-created predefined connection displays on the Connections screen:
Activate the Permissions Rule
After creating a new permissions rule, you must activate it.
On the Connections Permissions screen, select the Rule Activation toggle for the permissions rule. A confirmation window displays, indicating that activating the rule only affects new connections.
Select Confirm.
The permissions rule is active.
Set Board-Level Permissions
In addition to creating permissions rules for specific data source types, you can also define who can connect data sources that don't have rules. Permissions rules always supersede general permissions. Select one of the three available options:
Board admins are always permitted to connect data sources unless specifically excluded in a permissions rule.
All Users (default) - All system users can connect any data source without a permissions rule. Select this option if you want any maker to be able to connect data sources to your board.
Specific users/groups - Specify which users or business groups can connect any data source without a permissions rule. Use the field provided to browse or search for specific users or business groups.
This option is especially helpful if you have select system users who you want to allow to connect data sources but prefer not to make them board admins.
No one except board admins - Only defined board admins can connect any data source without a permissions rule. Select this option for maximum control over who can connect data sources.
