Entitlements
Understand entitlement-based access controls
Overview
An entitlement is an access control that permits a principal (client or end user) to access a particular application, API operation, or resource. The Intelligent Risk Platform uses entitlements to control access to applications (e.g. Risk Modeler), products (e.g. Data Vault), data (e.g. ESG, Location Intelligence), and models that are restricted by license.
Entitlement management ensures that Intelligent Risk Platform tenants only access the products and services in line with their contract terms. Licensing and entitlement management software provides a platform for these controls, in line with an organization’s authorizations, permissions, privileges, access management, and policies.
Currently, the Intelligent Risk Platform supports the following entitlements: RI-DATAVAULT, RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, and RI-UNDERWRITEIQ.
To access and use API operations that are restricted by entitlement, a client application must belong to a group that has been assigned the appropriate entitlement to perform that operation. Entitlement-based access controls are frequently tied to role-based access controls. For details, see Groups.
RI-DATAVAULT entitlement
RI-DATAVAULT entitlementData Vault is a separately licensed application that enables Intelligent Risk Platform tenants to manage archives of data servers and databases.
Admin Data API operations are generally restricted to principals with the Data Admin role. Operations for managing archives and snapshots require the RI-DATAVAULT entitlement.
| Collection | Operation | Entitlement | Role |
|---|---|---|---|
| Securables | Search Securables | Data Admin | |
| Securables | Get Securable | Data Admin | |
| Securables | Update Securable | Data Admin | |
| Archives | Search Archive | RI-DATAVAULT | Data Admin |
| Archives | Get Archive | RI-DATAVAULT | Data Admin |
| Archives | Create Archive | RI-DATAVAULT | Data Admin |
| Archives | Delete Archive | RI-DATAVAULT | Data Admin |
| Archives | Restore Archive | RI-DATAVAULT | Data Admin |
| Snapshots | Search Database Snapshots | RI-DATAVAULT | Data Admin |
| Snapshots | Get Database Snapshot | RI-DATAVAULT | Data Admin |
| Snapshots | Search Database Snapshots by Server Snapshot | RI-DATAVAULT | Data Admin |
| Snapshots | Get Database Snapshot by Server Snapshot | RI-DATAVAULT | Data Admin |
| Snapshots | Create Archive of Server Snapshot | RI-DATAVAULT | Data Admin |
| Jobs | Search Admin Data Jobs | Data Admin | |
| Jobs | Get Admin Data Job | Data Admin | |
| Jobs | Update Admin Data Job | Data Admin |
RI-EXPOSUREIQ entitlement
RI-EXPOSUREIQ entitlementPrincipals assigned the RI-EXPOSUREIQ entitlement may access operations and data available to licensed ExposureIQ tenants.
Principals with the RI-EXPOSUREIQ entitlement may also access the Data Bridge API.
RI-RISKMODELER entitlement
RI-RISKMODELER entitlementPrincipals assigned the RI-RISKMODELER entitlement may access operations and data available to licensed Risk Modeler tenants.
Principals with the RI-RISKMODELER entitlement may also access the Risk Modeler API and Data Bridge API.
The operations accessible to clients with the RI-RISKMODELER entitlement are generally in the Risk Data API.
RI-TREATYIQ entitlement
RI-TREATYIQ entitlementPrincipals assigned the RI-TREATYIQ entitlement may access operations and data available to licensed TreatyIQ tenants.
RI-UNDERWRITEIQ entitlement
RI-UNDERWRITEIQ entitlementPrincipals assigned the RI-UNDERWRITEIQ entitlement may access operations and data available to licensed TreatyIQ tenants.
Principals with the RI-UNDERWRITEIQ entitlement may also access the Risk Modeler API.
Updated 14 days ago