FlexiCore Data Security

Persistent Data Security

Data Security is a critical requirement for modern systems, making each piece of data available only to authorized users. FlexiCore transparently provides multi-tenant data security, without requiring any code, allowing you to focus on your application.

What is Persistent Data Security?

Persistent Data Security is a collection of technologies and system definitions for securing stored data. Data is normally stored in a database. Optimally, database queries should account for current user access rights avoiding server-side code imposing security policies.

Why use Data Security?

Data Secured systems are used to show different data for different users. Data Security is paramount in multi-tenancy enabled environments. Newer regulations addressing privacy and data ownership further enhance and expand the need for better security.

Data Security With FlexiCore

FlexiCore provides state of the art data security using its access control system. Permissions and access control objects such as Users, Roles, Tenants, and Permission-Groups are stored in the database and not as part of the code. API endpoints and other controlled methods are stored in the database too when the server starts.

By using a set of default behaviors at all access control objects levels, the amount of required data to describe final users’ access rights is dramatically reduced.

For efficiency and security, access control is considered at the database level, requiring no additional code to filter the permitted data. This behavior is automatically applied to all plugins’ created data too.

authorized tenant administrators can create new tenants visible only to authorized users. Unlike some of the other multi-tenancy systems, FlexiCore multi-tenancy can be defined to allow aggregation across tenants, for example across subsidiaries of the same company, or disallow it, virtually creating a ‘firewall’ among tenants.

Data Security With plugins

When new plugins are created in the process of developing new applications (applications are fully built from plugins), access control to data is implicitly provided, there is no additional code to write or pre-defined files/annotations to support access control.

As all aspects of data security state are part of the database’s data, developers can define new Operations decorating new created API’s so system administrators can see these new operations while managing system access rights.

Data security requirements defintion process

Often enough, data access details may be overlooked, it is recommended that the following points are addressed:

Will the server serve multiple organizations?
- if yes, multi-tenancy is required. As each organization needs one or more administrators capable of inviting or creating users.
if the answer for the above is yes, will an organization administrator ever need to create sub-organizations having their own administrators? for example a branch or subsidiary?
In a multi-tenancy, hierarchical or not, should data be aggregatable across multiple tenants?
Will GDPR adherence be required?
Will data encryption be required?
When multi-tenancy is not required, do users need to allow access to other users?
Should the system allow access control to multiple, mixed types of objects as often is the case in IoT systems?

Adding support for some or all of the requirements above is complex and is better transparently handled by the system without any or very little effort from developers.

Multi-tenancy or access control to data not required?

Flexicore is designed to easily provide a single-tenant environment where all signed-on users can access all data. This is based on a default behavior of the system.

The definition of such behavior is either set from the provided user management or by adding a few lines of code to a plugin.

Access to operations can be still filtered by the current user access rights.