Understanding data confidentiality
Who is this article for?
Enterprise or Decani Administrators or Module Developers concerned with data confidentiality.
Module Developer license and Area access are required to configure changes.
Data confidentiality involves protecting data from accidental, illegal, or unauthorized access, disclosure, or theft. It's important for administrators to be aware of the following situations that could impact data confidentiality.
This article outlines various areas of data confidentiality within the platform.
1. REST, SOAP, and Search API
- Access for Reporting Authorities (RA) is strictly controlled based on user account permissions, ensuring only authorised users can access or modify data.
- REST and SOAP interfaces can be disabled per module, allowing administrators to improve security by limiting access where unnecessary.
- Search API is always enabled, with access matching standard search permissions for consistent and secure data retrieval.
2. Microsoft SQL Server Reporting Services (SSRS) reports
- Access is controlled by role assignments, not by the Reporting Authorities (RA).
- Any role shared with an SSRS report can run and view it, regardless of the report data's source RA.
You can find more information in our article on configuring SSRS reports and charts.
3. "- All -" modules search
- Users with a role linked to a module can view common object fields in the "- All -" modules search, even if their role doesn't allow searching within that module. Limiting search ability is not a security measure.
4. Hiding a field from users
- Hiding a field based on role, workflow, or other criteria does not fully prevent users from accessing the data via searches or reports.
5. Attachments
- Notifications, whether set up by a user or configured within a module, can include attachments with sensitive or confidential information.
- These may be sent outside your organisation or forwarded externally, risking unintended data exposure. It is crucial to apply proper controls to protect sensitive information from unauthorised access.
6. Accessing the database using Query Builder
- Query Builder bypasses restrictions from Reporting Authorities, roles, and Record Access Control rules.
- Users can access all data in the database without the usual limitations, giving Administrators unrestricted access regardless of typical access controls or privacy settings.
7. Reporting authorities, roles, and Record Access Control
- Administrators with a User Administrative role capable of modifying objects must understand how role assignments and Reporting Authorities affect user permissions, especially their data access and visibility. This ensures proper management of access levels and maintains data security.