How is access to data and features managed in LUSID?

LUSID is built on top of a powerful role based access control system that makes it straightforward to model, enforce and report on both simple and complex access control conditions.

The three key concepts are Policies, Roles and Users.

Step 1: Define roles

To begin managing access is LUSID you first need to define some Roles, which are intended to represent job functions, areas of responsibility or roles within your organisation.

Step 2: Define policies

The next step is to define a set of Policies that describe the conditions in which data and functionality can (or explicitly cannot) be accessed.

Step 3: Assign roles to users

Finally specify which users should be assigned to which roles, and thus by extension which policies apply to those users. If none of the roles assigned to a user have policies that permit access to a bit of data or functionality, they will be denied access to that resource.

Like everything in LUSID, the resource access control system can be completely maintained through our APIs. We’ve also provided a web portal to make it easy to harness the full power of Policies and create the access framework appropriate for your company. The web portal features also help to manage policies, group them into collections, or assign them to roles, and users to roles.

To demonstrate some of the capabilities and flexibility of the Policies and Roles, we’ve included some examples with every LUSID account.

Step 4: Monitoring Access

Allowing you to grant your team access to information is only part of an access control system’s responsibilities. Another key area is being able to identify who has actually accessed what data and when.

Every interaction with the access control system in LUSID is recorded, tracking not only the specific resource accessed and action performed, but also the policy and role that permitted (or blocked) the activity.