On this page

Manage access to sensitive data with Data Access Control

Enterprise-level organizations often collect data that can include revenue data, personally identifiable information (PII), and other sensitive information. Amplitude's Data Access Control (DAC) feature lets these organizations manage access to these categories of data. DAC prevents unauthorized users from gaining access and helps prevent inadvertent data leaks.

Enable this feature

Contact Amplitude Support to enable Data Access Controls for your organization.

How Data Access Control works

DAC works within Amplitude's Groups framework. Admins grant or restrict access to PII, revenue data, and sensitive information for all members of a group. From there, admins can add or remove users from these groups as access requirements change, either at the individual or organizational level.

For example, when an unauthorized user tries to view a chart that includes restricted information, Amplitude blocks the chart from loading. Those users also can't create new charts that might include restricted data. This applies to charts, cohorts, dashboards, notebooks, and user sessions.

Organization admins always have access to all data classifications, regardless of any DAC restrictions.

When a user encounters a chart they can't view because of restricted data, Amplitude specifies the properties or cohorts that DAC blocked.

The user can then exclude the restricted data and view the chart (or cohort, dashboard, notebook, or user session) without it.

With DAC enabled, Amplitude hides classified properties from the Event Stream and User or Account lookup pages. When your project's users encounter classified data, Amplitude displays the value as [DAC Restricted].

The same restrictions apply to Ask Amplitude.

Set access for specific categories of sensitive data

Setting access levels is a two-stage process. First, classify your data. After that's complete, set up permissions.

DAC applies only to properties. It doesn't apply to definitions or metadata.

Classify properties

  1. In Amplitude Data, go to Properties and select the tab that contains the properties you want to classify. DAC lets you classify User, Event, and Group properties in your tracking plan, except for Amplitude ID, Version, Platform, Group ID, and Group name.

Properties not eligible for classification

Amplitude doesn't support classifying transformed properties or unexpected properties.

Transformed properties inherit classification from their component properties.

To classify an unexpected property, add it to your tracking plan.

  1. Select the name of the property you want to classify. You can manage event, user, and group properties directly. Derived properties inherit all the classifications of their parent properties.
  2. In the details panel that opens, select the Classification drop-down and choose all relevant classifications for this property. Then select Send.
  3. Repeat steps 2 and 3 for each property you want to classify.

Classifying the User ID property

If you classify user_id, users without access to that classification can't use Event Explorer.

Set up permissions

  1. Go to Settings > Organization settings > Groups and select the name of the group you want to edit. You can also create a new group.
  2. Open the group's Data Access tab. Three controllable classifications appear here: PII, revenue, and sensitive.
  3. For each classification, select Yes to allow members of the group to view this data, or No to deny access.
  4. When you're done, select Save.

Data Access Controls overview page

This page is available to users with the Administrator role.

Go to Organization Settings > Data Access Controls to view the Data Access Controls overview page. There, find information about the following:

  • The number of groups with access to data classified as PII, Sensitive, or Revenue.
  • The number of users with access to data classified as PII, Sensitive, or Revenue.
  • All event, user, and group properties classified as PII, Sensitive, or Revenue.

Drill into any cell in the table for a detailed view of the specific users or groups with access to each classification, or for more detailed information about the properties in each classification.

Update user and group access from the Overview page, or go to Data to update any property classification.

Use the project switcher to view classifications for each project, and select Classify Data to open that project's tracking plan, where you can manually classify properties.

To customize the error message that your internal users see when they try to access a restricted chart or cohort, select Customize Restricted Access Message. On the resulting modal, edit the error message and include any links to internal documentation that might help.

When you customize the restricted message, the message applies to your organization, not just the project.

Access request notifications

Users who go to a restricted chart or cohort can contact an administrator in their organization to request access. Amplitude sends this request to all organization administrators.

Turn off access request notifications

Administrators can deselect the Someone requests access to a property classified by Data Access Controls notification in Personal Settings > Notifications to opt out.

Exports and subscriptions

DAC enforcement applies to all exports and subscriptions in Amplitude:

  • If a user selects Download Users from the microscope in a chart, the CSV export excludes properties with classifications they can't access.
  • If a user tries to export a CSV from a dashboard, the export excludes charts they can't access.
  • If a user tries to export a PDF or PNG from a dashboard, the export obfuscates charts and cohorts they can't access.
  • If a user tries to subscribe to a chart they can't access, Amplitude cancels the subscription and the user doesn't get a notification or email.
  • If a user tries to subscribe to or create alerts for a dashboard, the email obfuscates the charts and cohorts they can't access.

Manage classifications with the Taxonomy API

The Taxonomy API lets you manage classifications for all your properties at scale.

Was this helpful?