Permissions and Access Control
Because Tonkean connects different applications and systems together, managing permissions and data access is an important part of overall security. To that end, Tonkean allows admins to control permissions at various levels.
Data Source Permissions
We recommend using a dedicated service account to connect an application to Tonkean as a data source. In addition to being a general best practice for a variety of reasons (for example, change management), having a service account allows you to set the desired permissions in a single location and have those settings apply anywhere that data source is used in Tonkean.
When connecting a third-party application to Tonkean as a data source, Tonkean only needs the level of access required for your particular use case. For example, if you're using an IT service management application (ITSM) as a connected data source and your solution only requires read permissions, you do not have to grant Tonkean edit permissions to the connected ITSM service account.
Once a data source is connected, the actions a user can perform in Tonkean with data from that source are limited by the permissions granted to the account connected to Tonkean. In other words, the permissions set in the connected application apply to all Tonkean users.
User Permissions in Tonkean
In addition to managing permissions in the connected data source itself, you can control which users have the authority to manage a data source connection in Tonkean.
You can set administrators for any data source (they're called IT admins in Tonkean). These admins have privileges like customizing data retention policies and creating custom actions. You can add IT admins in Tonkean by following the steps below:
Navigate to the Enterprise Components screen.
Select the data source you want to add an IT admin for. The data source configuration screen displays.
Select Admins in the data source configuration panel. The Manage IT Admins screen displays.
Select the text box and enter the names of the users you want to add as admins.
Admins in Tonkean can also control which users can connect each kind of data source, specify that only board admins can connect data sources, or configure a group of data sources users can connect to by navigating to the Board Settings and selecting Data Sources in the configuration panel.
Whether in the connected data source or in Tonkean, you can control who has access to which data and who's able to connect different applications.