Entitlements
Understand entitlement-based access controls
Overview
An entitlement is an access control that permits a principal (client or end user) to access a particular application, API operation, or resource. The Intelligent Risk Platform uses entitlements to control access to applications (e.g. Risk Modeler), products (e.g. Data Vault), data (e.g. ESG, Location Intelligence), and models that are restricted by license.
Entitlement management ensures that Intelligent Risk Platform tenants only access the products and services in line with their contract terms. Licensing and entitlement management software provides a platform for these controls, in line with an organization’s authorizations, permissions, privileges, access management, and policies.
Currently, the Intelligent Risk Platform supports the following entitlements: RI-DATAVAULT, RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, and RI-UNDERWRITEIQ.
To access and use API operations that are restricted by entitlement, a client application must belong to a group that has been assigned the appropriate entitlement to perform that operation. Entitlement-based access controls are frequently tied to role-based access controls. For details, see Groups.
IC-VPN entitlement
IC-VPN entitlementVPN for Data Bridge is a separately licensed product that enables Intelligent Risk Platform tenants to create and manage VPN connections to Data Bridge.
Tenant Data API operations are generally restricted to principals with the Admin or Data Bridge role. Operations for managing VPN connections require the IC-VPN entitlement.
| Collection | Operation | Entitlement | Role |
|---|---|---|---|
| Tenant Data | Search Encryption Keys | IC-VPN | Admin, Data Bridge Admin |
| Tenant Data | Create Encryption Key | IC-VPN | Admin, Data Bridge Admin |
| Tenant Data | Get Encryption Key | IC-VPN | Admin, Data Bridge Admin |
| Tenant Data | Update Encryption Key | IC-VPN | Admin, Data Bridge Admin |
| Tenant Data | Search VPN Connections | IC-VPN | Admin, Data Bridge Admin |
| Tenant Data | Create VPN Connection | IC-VPN | Admin, Data Bridge Admin |
| Tenant Data | Get VPN Connection | IC-VPN | Admin, Data Bridge Admin |
| Tenant Data | Delete VPN Connection | IC-VPN | Admin, Data Bridge Admin |
| Tenant Data | Update VPN Connection | IC-VPN | Admin, Data Bridge Admin |
RI-DATAVAULT entitlement
RI-DATAVAULT entitlementData Vault is a separately licensed application that enables Intelligent Risk Platform tenants to manage archives of data servers and databases.
Admin Data API operations are generally restricted to principals with the Data Admin role. Operations for managing archives and snapshots require the RI-DATAVAULT entitlement.
| Collection | Operation | Entitlement | Role |
|---|---|---|---|
| Archives | Create Archive | RI-DATAVAULT | Data Admin |
| Archives | Delete Archive | RI-DATAVAULT | Data Admin |
| Archives | Get Archive | RI-DATAVAULT | Data Admin |
| Archives | Restore Archive | RI-DATAVAULT | Data Admin |
| Archives | Search Archive | RI-DATAVAULT | Data Admin |
| Archives | Update Archive | RI-DATAVAULT | Data Admin |
| Jobs | Get Admin Data Job | Data Admin | |
| Jobs | Search Admin Data Jobs | Data Admin | |
| Jobs | Update Admin Data Job | Data Admin | |
| Securables | Archive Securable | RI-DATAVAULT | Data Admin |
| Securables | Delete Securable | Data Admin | |
| Securables | Get Securable | Data Admin | |
| Securables | Search Securables | Data Admin | |
| Securables | Update Securable | Data Admin | |
| Snapshots | Create Archive from Snapshot | RI-DATAVAULT | Data Admin |
| Snapshots | Get Database by Snapshot | RI-DATAVAULT | Data Admin |
| Snapshots | Get Database by Snapshot | RI-DATAVAULT | Data Admin |
| Snapshots | Search Databases by Snapshot | RI-DATAVAULT | Data Admin |
| Snapshots | Search Snapshots | RI-DATAVAULT | Data Admin |
RI-EXPOSUREIQ entitlement
RI-EXPOSUREIQ entitlementPrincipals assigned the RI-EXPOSUREIQ entitlement may access operations and data available to licensed ExposureIQ tenants.
Principals with the RI-EXPOSUREIQ entitlement may also access the Data Bridge API.
RI-RISKMODELER entitlement
RI-RISKMODELER entitlementPrincipals assigned the RI-RISKMODELER entitlement may access operations and data available to licensed Risk Modeler tenants.
Principals with the RI-RISKMODELER entitlement may also access the Risk Modeler API and Data Bridge API.
The operations accessible to clients with the RI-RISKMODELER entitlement are generally in the Risk Data API.
RI-TREATYIQ entitlement
RI-TREATYIQ entitlementPrincipals assigned the RI-TREATYIQ entitlement may access operations and data available to licensed TreatyIQ tenants.
RI-UNDERWRITEIQ entitlement
RI-UNDERWRITEIQ entitlementPrincipals assigned the RI-UNDERWRITEIQ entitlement may access operations and data available to licensed TreatyIQ tenants.
Principals with the RI-UNDERWRITEIQ entitlement may also access the Risk Modeler API.
Updated about 21 hours ago