Data Engine permissions
Data Engine users belong to groups assigned to roles with permissions to access data in messages and to control or configure the SITS agents. Integrations require that API users belong to groups assigned to roles with permissions to configure access to the Data Engine APIs.
The table Data Engine features details the features and corresponding permissions and roles.
Feature | Data Engine area | Description |
---|---|---|
AAD authentication | Administration | Administration permissions define whether users can access the OData APIs using Azure Active Directory authentication. |
Message types | Data access | Data access permissions to enable users to view all data with the OData APIs. Warning: Data Engine allows Power BI users to access sensitive, financial, and special category data from SITS:Vision. This may not be appropriate for all Power BI users. If a Power BI user is not entitled to access sensitive, financial, and special category data, they should not produce Power BI reports in Data Engine. Unauthorised access to sensitive, financial, and special category data could constitute a data breach under the Data Protection Act 2018 or General Data Protection Regulation (GDPR). If in doubt, contact your data protection officer. |
SITS agent configuration | Management | Management permissions define whether users can configure and change the settings for reporting processes, and view and monitor basic reporting processes, such as reporting logs and message type workers. |
The Data Engine roles and permissions are as follows:
The table Administration permissions details the permission and the default role Data Engine Administrator.
Permissions | Data Engine administrator | Description |
---|---|---|
Configure AAD authentication | Yes | Configure access to the Data Engine APIs using Azure Active Directory authentication. |
Data from the OData APIs may contain sensitive, financial, and special category data.
Therefore, only assign users to roles with permissions in the Data access area if they have access to sensitive, financial, and special category data in SITS:Vision. Granting access to unauthorised users could constitute a data breach under the Data Protection Act. If in doubt, contact your data protection officer.
The default role Data Engine full reader has the permission Full data access and can view all report data, which includes special category data.
Note that the role Data Engine restricted reader and the permission Restricted data access are not used.
The table Management permissions details the permissions of the default roles Data Engine user and Data Engine full manager.
Permissions | Data Engine user | Data Engine manager | Description |
---|---|---|---|
Configure Data Engine | No | Yes | Configure and change the settings for reporting processes. |
Control Data Engine | Yes | Yes | View and monitor basic reporting processes, such as reporting logs and message type workers. |