This article helps you:
Easily prevent users from accessing sensitive or restricted information in Amplitude
Enterprise-level organizations often collect data that can include revenue data, personally identifiable information (PII), and other sensitive information. Amplitude’s data access control (DAC) feature enables these organizations to easily manage access to these categories of data, in a way that prevents unauthorized users from gaining access to it, and that helps prevent the data from inadvertently leaking out.
DAC works within Amplitude’s Groups framework. Admins grant or restrict access to PII, revenue data, and sensitive information to all members of a group. From there, they can add or remove users from these groups as access requirements change, either on an individual or organizational level.
For example, when an unauthorized user tries to view a chart that includes restricted information, Amplitude blocks the chart from loading on the user’s screen. Those users are also unable to create new charts that might include restricted data. This is true not only for charts, but also for cohorts, dashboards, notebooks, and user sessions.
Organization admins always have access to all data classifications, regardless of any DAC restrictions.
When a user encounters a chart they can't view because of the presence of restricted data, Amplitude specifies the properties or cohorts DAC has blocked.
They can then exclude the restricted data and view the chart (or cohort, dashboard, notebook, or user session) without it.
With DAC enabled, Amplitude hides properties that you classify from the Event Stream and User or Account lookup pages. When your project's users encounter classified data, Amplitude displays the value as [DAC Restricted]
.
The same restrictions apply to Ask Amplitude.
Setting access levels is a two-stage process. First, classify your data. When that’s complete, you can set up permissions.
DAC applies only to properties. It doesn’t apply to definitions or metadata.
If you classify user_id
, users without access to that classification can't use Event Explorer.
This page is available to users with the Administrator role.
Navigate to Organization Settings > Data Access Controls to see the Data Access Controls overview page. There, find information about the following:
PII
, Sensitive
, or Revenue
.PII
, Sensitive
, or Revenue
.PII
, Sensitive
, or Revenue
.Drill in to any cell in the table for a detailed view where you can see the specific users or groups with access to each classification, or more detailed information about the properties in each classification.
Update user and group access from the Overview page, or navigate to Data to update any property classification.
Use the project switcher to see classifications for each project, and click Classify Data to open that project's tracking plan, where you can manually classify properties.
To customize the error message that your internal users see when they try to access a restricted chart or cohort, click Customize Restricted Access Message. On the resulting modal, edit the error message and include any links to internal documentation that may be helpful.
Users who navigate to a restricted chart or cohort have the option to contact an administrator in their organization to request access. Amplitude sends this request to all organization administrators.
Administrators can deselect the Someone requests access to a property classified by Data Access Controls
notification in Personal Settings > Notifications to opt out of these notifications.
DAC enforcement applies to all exports and subscriptions in Amplitude. This means:
The Taxonomy API enables you to manage classifications for all your properties, at scale.
Thanks for your feedback!
September 12th, 2024
Need help? Contact Support
Visit Amplitude.com
Have a look at the Amplitude Blog
Learn more at Amplitude Academy
© 2024 Amplitude, Inc. All rights reserved. Amplitude is a registered trademark of Amplitude, Inc.