Security and Governance

There are four default user roles in Akumen, and they are organized in the following way:

• Administrators;
• Builders;
• Users; and
• Viewers.

The following points refer to the best practices surrounding setting up security for data where different groups of users are concerned.

• Users should not be an admin unless they specifically need to be. Admins can see all apps, including those that are unpublished. It is recommended that most users come under the Builder user category. This means they still do the same tasks as an admin, however they cannot see unpublished apps nor manage user accounts and security. This enables a “clean” product environment where people can work on their own creations, and then publish them for all to see once they are ready for “delivery”.

• Before the roles are established, put into place an accountability system whereby only authorized people may modify the model code/driver model, and those who just need to perform scenario analysis may not. Code and driver models do not appear for those in groups that do not have model code access.

• Use appropriate groups to lock down permissions at the study level. This means leaving at least one study where data is may be accessed by everyone in the appropriate groups, then lock down the more confidential studies.

• Although Akumen supports setting permissions for objects for specific users, groups remain the best way to lock down permissions. This allows new people, with similar roles, to come on board and to be automatically allocated permissions without requiring someone to go through all the Akumen objects and set permissions.