The data protection and access to containers in Veracity is built around shared access signature (SAS) tokens - or access keys. This enables the sharing of data, the granting of policy-based access, and the revoking of granted access at any time. Activity related to data within Veracity can, in this way, be tracked and reviewed by the container owner. Keys are only possible to be shared with other platform users, and the SAS key may only be obtained by authenticated users.
Types of keys
Veracity supports 4 different keys. For each key, the duration of the key and whether the key will be recurring can be defined.
Write key: A write key gives the user rights to write to a container for a given amount of time, but not list the content. Typically this key is used for applications or for developers that should only write to a data container.
Read and list key: Read and list keys give the user rights to read a container and browse the content of the container for a given amount of time. Typically this key is used for projects, sharing data for single operations or sharing read access to analytics providers.
Read, write and list key: A read, write and list key gives the user rights to read, write and browse the content of a data container for a given amount of time. Typically this key is used for provider-services or single operations for an analyst.
Read, write, list and delete key: Read, write, list and delete keys give the user full access to the content of your data container for a given amount of time. Typically used for data managers/providers.
List key: Will only allow users to see which files are present in the container. The users will not be able to open, edit, rename, delete or download the files.
A SAS key may be granted for a limited time, options for Veracity are:
1, 2, 3, 4, 5 and 6 months
Note that one shares the right to claim a key. The person the key is shared with may claim the key at any time after the key is shared. The timer will start once the key has been claimed through the portal or through the provisioning API. It is strongly recommended that the duration of the key is limited. There is a repeat/recurring option, enabling the client to reclaim the key if necessary.
All keys can be given a repeating property, which means the key is automatically renewed until the owner of the container revokes it. Enabling this option allows for a much lower duration on keys, which increases security. The client who has been granted a SAS key would need to reclaim the key after the duration expires.
More on IP Range
An optional IP address or range of IP addresses from which Azure Storage will accept the SAS. For example, you might specify a range of IP addresses belonging to your recipient’s organization. This ensures that your recipient can only access your data container from that location.
Tip! Use short duration on recurring keys so that you can revoke access after that key expires.