Security Overview

For Data Analysts

Olytix Core provides enterprise-grade security features to protect your data, control access, and maintain compliance. The security layer is designed to be transparent to end users while providing comprehensive protection at every level.

Security Architecture

┌─────────────────────────────────────────────────────────────────┐
│                   Olytix Core Security Layer                    │
├─────────────────────────────────────────────────────────────────┤
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                      Authentication                       │  │
│  │             (API Keys, JWT Tokens, OAuth 2.0)             │  │
│  └───────────────────────────────────────────────────────────┘  │
│                                │                                │
│                                ▼                                │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                       Authorization                       │  │
│  │     (Role-Based Access, Row-Level Security, Masking)      │  │
│  └───────────────────────────────────────────────────────────┘  │
│                                │                                │
│                                ▼                                │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                       Audit Logging                       │  │
│  │       (Access Logs, Policy Evaluation, Compliance)        │  │
│  └───────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────────┘

Core Security Features

Authentication

Olytix Core supports multiple authentication methods to secure API access:

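| Method     | Use Case                                 | Security Level |
|------------|------------------------------------------|----------------|
| API Keys   | Server-to-server, scripts, automation    | Medium         |
| JWT Tokens | User applications, SSO integration       | High           |
| OAuth 2.0  | Third-party integrations, enterprise SSO | High           |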

Learn more about API Keys | JWT Authentication

Authorization

Control who can access what data with fine-grained authorization:

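| Feature                  | Description                               |
|--------------------------|-------------------------------------------|
| Row-Level Security (RLS) | Filter rows based on user attributes      |
| Column Masking           | Mask sensitive data for unauthorized users |
| Role-Based Access        | Assign permissions based on user roles    |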

Configure RLS | Column Masking

Audit Logging

Track all security-related events for compliance and forensics:

  • Data access events
  • Policy evaluations
  • Access denials
  • Policy changes
  • Authentication events

Configure Audit Logging

Security Context

Every request in Olytix Core operates within a security context that contains:

SecurityContext:
  user:
    user_id: "user123"
    email: "analyst@company.com"
    roles: ["analyst", "finance_team"]
    groups: ["north_america"]
    attributes:
      department: "Finance"
      region: "NA"
  policies: [AccessPolicy, ...]
  masking_policies: [MaskingPolicy, ...]
  request_id: "req-abc123"
  client_ip: "10.0.1.50"

The security context is automatically built from authentication credentials and used to evaluate all security policies.

Configuration

Environment Variables

# Authentication
OLYTIX_SECURITY__JWT_SECRET=your-secret-key
OLYTIX_SECURITY__API_KEY_PREFIX=olytix-core_key_
OLYTIX_SECURITY__REQUIRE_AUTH=true

# Policy evaluation
OLYTIX_SECURITY__CACHE_POLICIES=true
OLYTIX_SECURITY__POLICY_CACHE_TTL=300

# Audit logging
OLYTIX_SECURITY__AUDIT_ENABLED=true
OLYTIX_SECURITY__AUDIT_LOG_PATH=/var/log/olytix-core/audit.log

Project Configuration

# olytix-core_project.yml
security:
  require_auth: true

  jwt:
    secret: ${JWT_SECRET}
    algorithm: HS256
    expiry: 3600

  audit:
    enabled: true
    handlers:
      - type: file
        path: /var/log/olytix-core/audit.log
      - type: database
        connection: ${AUDIT_DB_URL}
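
The jwt settings above pin the algorithm to HS256 and set a 3600-second expiry. The following added example (not Olytix Core's own code) shows the checks a verifier has to make for those two settings to be enforced, using only the Python standard library. The function names and the claim names sub, roles, iat and exp are assumptions, and the tokens are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

ALGORITHM = "HS256"  # pinned to jwt.algorithm from the project configuration
EXPIRY = 3600        # jwt.expiry from the project configuration, in seconds

def b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(secret, head, body):
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims, secret, alg=ALGORITHM):
    """Issue a demo token (constructed input, not an Olytix Core API)."""
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(secret, head, body))}"

def verify(token, secret, now=None):
    """Return the claims dict, or raise ValueError naming the failed check."""
    if len(secret) < 32:  # RFC 7518 section 3.2: HS256 keys must be >= 256 bits
        raise ValueError("secret shorter than 32 bytes")
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed token")
    # Compare alg to the pinned value; never let the header choose the verifier.
    if header.get("alg") != ALGORITHM:
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(mac(secret, head, body), given):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired or missing exp")
    if not isinstance(iat, (int, float)) or exp - iat > EXPIRY:
        raise ValueError("lifetime exceeds configured expiry")
    return claims
```

The placeholder value your-secret-key from the environment-variable example is 15 bytes, so this verifier rejects it; HS256 needs a secret of at least 32 random bytes.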

Best Practices

Authentication

  1. Use JWT for user-facing applications - Provides better security with short-lived tokens
  2. Use API keys for service accounts - Easier to manage and rotate
  3. Rotate credentials regularly - Set expiration policies
  4. Use minimal scopes - Grant only necessary permissions

Authorization

  1. Define RLS policies at the cube level - Ensures consistent filtering
  2. Use role-based policies - Easier to manage than user-specific rules
  3. Test policies in staging - Verify expected behavior before production
  4. Document all policies - Maintain clear records for compliance

Audit Logging

  1. Enable audit logging in production - Required for compliance
  2. Set appropriate retention - Balance storage costs with compliance needs
  3. Monitor for anomalies - Set up alerts for unusual access patterns
  4. Secure audit logs - Protect logs from tampering

Compliance Support

Olytix Core's security features help meet requirements for:

| Standard | Relevant Features                          |
|----------|--------------------------------------------|
| SOC 2    | Audit logging, access controls, encryption |
| GDPR     | Data masking, access controls, audit trails |
| HIPAA    | RLS, column masking, comprehensive auditing |
| PCI DSS  | Data masking, access controls, audit logs  |

Next Steps

API Keys
Set up API key authentication for your applications.
Configure API Keys
Row-Level Security
Implement fine-grained data access controls.
Set Up RLS