Manage Access

Managing resource access in Nexla allows you to control who can view, modify, and manage your platform resources. The system provides flexible APIs for granting, modifying, and revoking access permissions across all resource types.

Access Management Overview

Access management enables you to implement security policies, enable collaboration, and maintain control over your data infrastructure. The system supports both individual user access and team-based permissions for efficient resource sharing.

Grant Access to Resources

Granting access allows users and teams to work with your resources while maintaining appropriate security boundaries.

Grant Access Endpoint

To grant access to a resource, use the resource access endpoint:

PUT /resource_access

Grant Access Request Structure

The request body specifies the resource, users/teams, and access levels:

Nexla API

Grant Access: Request
PUT /resource_access

{
  "resource_type": "data_sources",
  "resource_id": 1001,
  "access_grants": [
    {
      "user_id": 43,
      "access_level": "user"
    },
    {
      "team_id": 1001,
      "access_level": "viewer"
    }
  ]
}

Grant Access Response

A successful access grant returns confirmation of the updated permissions:

Nexla API

Grant Access: Response
{
  "status": "success",
  "message": "Access granted successfully",
  "resource": {
    "type": "data_sources",
    "id": 1001,
    "name": "Customer Data Source"
  },
  "grants": [
    {
      "user_id": 43,
      "user_name": "Jane Doe",
      "access_level": "user",
      "granted_at": "2023-01-15T16:30:00.000Z"
    },
    {
      "team_id": 1001,
      "team_name": "Analytics Team",
      "access_level": "viewer",
      "granted_at": "2023-01-15T16:30:00.000Z"
    }
  ]
}

Modify Existing Access

You can modify access levels for users and teams who already have access to resources.

Modify Access Endpoint

To modify existing access permissions:

PUT /resource_access

Modify Access Request

Specify the resource and updated access levels:

Nexla API

Modify Access: Request
PUT /resource_access

{
  "resource_type": "data_sources",
  "resource_id": 1001,
  "access_modifications": [
    {
      "user_id": 43,
      "new_access_level": "admin"
    },
    {
      "team_id": 1001,
      "new_access_level": "user"
    }
  ]
}

Revoke Access

Remove access permissions when they are no longer needed.

Revoke Access Endpoint

To revoke access from users or teams:

DELETE /resource_access

Revoke Access Request

Specify the resource and users/teams to remove:

Nexla API

Revoke Access: Request
DELETE /resource_access

{
  "resource_type": "data_sources",
  "resource_id": 1001,
  "access_revocations": [
    {
      "user_id": 44
    },
    {
      "team_id": 1002
    }
  ]
}

Access Levels and Permissions

Understanding access levels helps you grant appropriate permissions for different use cases.

User Access Level

Users with user access can:

View Resource: See resource configuration and status
Use Resource: Include resource in data flows and processing
Monitor Performance: View metrics and operational data
Limited Modification: Cannot change core configuration

Admin Access Level

Users with admin access can:

Full User Permissions: All user-level capabilities
Modify Configuration: Update resource settings and parameters
Grant Access: Give access to other users and teams
Manage Status: Activate, pause, and control resources

Viewer Access Level

Users with viewer access can:

View Resource: See resource information and status
Monitor Performance: View metrics and operational data
No Modification: Cannot change any configuration
No Usage: Cannot include resource in data flows

Resource-Specific Access Control

Different resource types support specialized access control features.

Data Source Access

Control access to data ingestion resources:

Ingestion Control: Who can activate/pause data sources
Configuration Management: Who can modify source settings
Data Access: Who can view ingested data and schemas
Credential Access: Who can see authentication information

Data Destination Access

Manage access to data output resources:

Output Control: Who can activate/pause destinations
Configuration Management: Who can modify output settings
Data Mapping: Who can configure data transformation rules
Delivery Monitoring: Who can view output metrics

Flow Access

Control access to data processing pipelines:

Flow Control: Who can start/stop data flows
Configuration Management: Who can modify flow settings
Performance Monitoring: Who can view flow metrics
Resource Management: Who can modify flow components

Best Practices

To effectively manage resource access in your Nexla platform:

Principle of Least Privilege: Grant only the access users need
Regular Access Reviews: Periodically review and update permissions
Team-Based Access: Use teams for efficient permission management
Documentation: Maintain clear records of access decisions
Monitoring: Track access patterns and identify anomalies

Access Management Workflows

Common workflows for managing resource access in different scenarios.

New Team Member Onboarding

When adding new team members:

Assess Requirements: Determine what resources the member needs
Grant Team Access: Add member to appropriate teams
Individual Grants: Grant specific access for unique requirements
Monitor Usage: Track initial access patterns and adjust as needed

Project-Based Access

For temporary project access:

Define Scope: Identify resources needed for the project
Grant Access: Provide appropriate access levels
Set Timeline: Establish access duration and review dates
Review and Revoke: Remove access when project completes

Compliance and Auditing

Maintain compliance through proper access management:

Access Reviews: Regular reviews of all permissions
Documentation: Clear records of access decisions and rationale
Monitoring: Track access patterns and identify risks
Remediation: Address any inappropriate access promptly

Error Handling

Common access management issues and solutions:

Permission Denied: Ensure you have admin rights to the resource
Invalid User/Team: Verify the specified users or teams exist
Resource Not Found: Confirm the resource ID is correct
Access Conflicts: Resolve conflicts between individual and team access

After managing access, you may need to:

View Current Access

GET /resource_access
GET /resource_access/{resource_type}/{resource_id}

Monitor Access Usage

GET /resource_access/{resource_type}/{resource_id}/usage
GET /resource_access/{resource_type}/{resource_id}/audit

Manage Team Access

GET /teams/{team_id}/access
PUT /teams/{team_id}/access

Access Management Overview​

Grant Access to Resources​

Grant Access Endpoint​

Grant Access Request Structure​

Grant Access Response​

Modify Existing Access​

Modify Access Endpoint​

Modify Access Request​

Revoke Access​

Revoke Access Endpoint​

Revoke Access Request​

Access Levels and Permissions​

User Access Level​

Admin Access Level​

Viewer Access Level​

Resource-Specific Access Control​

Data Source Access​

Data Destination Access​

Flow Access​

Best Practices​

Access Management Workflows​

New Team Member Onboarding​

Project-Based Access​

Compliance and Auditing​

Error Handling​

Related Operations​

View Current Access​

Monitor Access Usage​

Manage Team Access​