Securing your data

Overview of data security

inmydata is designed to let organisations expose the right data to the right people.  Security is enforced at multiple levels:

• Group‑level security – users are organised into groups.  Group membership determines which subjects (datasets) a user can see.  Groups can also have a default home page (a dashboard or category) support.inmydata.com.

• Subject‑level security – administrators can enforce that only specific groups can access a subject.  Subjects not assigned to a group are hidden from that group support.inmydata.com.

• Row‑level security – if you need different users to see different rows within the same subject (for example, store managers seeing only their store’s transactions), you load “user data” that links each user to relevant values and then use filter parameters to limit what each user sees support.inmydata.com.

• API‑level security – API keys are tied to a specific user.  The inmydata API will only return data that the user associated with the key is allowed to see.  When you set the user property in the API client, events and charts are only delivered to that user

Creating Groups

Groups allow you to bundle users together so they can access the same data.  To create a group:

1. Open the Groups page – in the Administrator menu, choose Groups.  Each group’s details (full name, description and default home page) appear on the right support.inmydata.com.
   
   

2. Click “Add Group” – this opens a dialog to enter the group’s name and description and choose a default home page support.inmydata.com.  The home page can be a category or a visualisation/dashboard; drop‑down menus allow you to select the category or dashboard object you want support.inmydata.com.
   
   

3. Optionally enforce subject access – enabling Enforce Group access to Subjects lets you limit which subjects the group can see.  When this option is enabled, an extra action appears to set permitted subjects for the group support.inmydata.com.
   
   

Creating groups is the foundation for data security because subjects and API keys can be scoped to groups.

The available actions are:-

	Add Group	Opens a dialog where the details for a New Group can be entered. The Home page can be one of the following Select "A Category" this will enable a drop down of the available categories in the tenant to allow selection of the Category that the group will have as their default home page. Select "A Visualisation or Dashboard" this will enable a dropdown for the type of display object. once selected a list of objects and a search facility will be enabled to allow selection of the object to display on the home page
	Set permitted subjects for this group	Only enabled if Enforce Group access to Subjects is enabled. Displays a page that allows the selection of the subjects that the group has access to.. Select the Subjects from the right hand side and move to the left to enforce subject
	Delete ( Not available for the "Default Group"	If selected confirm the action.

Assigning Users To Groups
After creating groups, assign users to them so that the group’s permissions apply. Go to the Users page in the Administrator menu, select the user and choose the group(s) they should belong to. Their subject and category access are determined by their group membership.

Applying Group Level Security to Subjects

By default, subjects (datasets) are available to all groups.  You can restrict a subject to specific groups by enabling group‑level enforcement:

1. Enable enforcement – on the Groups page, turn on the Enforce Group access to Subjects setting.

2. Set permitted subjects for each group – for each group, choose Set permitted subjects.  A dialog lists all subjects; move subjects from the right‑hand list to the left to allow access support.inmydata.com.
   

3. Set groups for a subject – alternatively, from the Edit Subjects page, select the subject you wish to secure, choose Set Groups for a subject.  This screen appears only when enforcement is enabled and lets you move groups from the right‑hand list to the left to grant the selected subject to those groups support.inmydata.com.  Click OK to save support.inmydata.com.
   

Using these features ensures that each group only sees the subjects they are authorised to view.

Adding User Data

Row‑level security requires a dataset that links each user to the values you will use for filtering (e.g., store ID or region).  To prepare this dataset:

1. Prepare a user data subject – publish a dataset where each row represents a user.  The dataset must include:

   • a column containing the user ID that matches the user defined in inmydata support.inmydata.com;

   • one column for each attribute you want to filter by (e.g., store, territory, region) support.inmydata.com.
     
     

2. Register the dataset as user data – log in with an admin account, open the Settings (via the user menu) and select the Users tab.  In the User Subject field, choose the dataset you loaded; in User Id Field, select the column containing the user ID; then press OK support.inmydata.com.
   
   

Maintaining this dataset ensures that each user can be linked to their organisation unit or other attributes for row‑level security.

Applying User Specific Filters to Subjects

Once user data has been defined, you can filter dashboards or subjects based on user attributes:

1. Open the dashboard or subject – edit the dashboard object you want to secure.

2. Add a filter – on the Data tab, click Filter and then Add to create a filter condition support.inmydata.com.

3. Select the column to filter – choose the field in the subject to filter (e.g., Store).

4. Use a filter parameter – next to the values list, click the Filter Parameter button and select the appropriate user attribute (e.g., the user’s store) support.inmydata.com.

5. Apply the filter – click OK to save the filter condition, then save the dashboard support.inmydata.com.

This technique ensures that each user sees only the rows matching their own values (for example, a manager sees only their store’s data).

API keys and User Level Security

Programmatic access to inmydata uses API keys. An API key authenticates your agent code and is tied to a specific user and tenant (the user that creates the API key and the tenant they belong to).  The inmydata Python API classes expect environment variables such as INMYDATA_API_KEY, INMYDATA_TENANT and INMYDATA_CALENDAR developer.inmydata.com.

When you call the API data returned via methods like get_data_simple() or get_data() is limited to the subjects and rows the API key’s user is allowed to see.

Because API keys inherit the permissions of their associated user, it is crucial to ensure that the user belongs to the correct groups and has appropriate user‑specific filters.

Creating an API Key

To create an API key:

1. Log in to inmydata with a user account that has rights to generate API keys.

2. Open API Keys – from the user menu, choose API Keys.

3. Create a new key – click Generate API key, give the key a descriptive name (e.g., “sales‑chatbot”), and select the user if prompted.  The key will inherit this user’s group and row‑level security.

4. Copy and store the key securely – the key will be shown only once.  Store it in a secure location (for example, an environment variable or a secret manager) and set the INMYDATA_API_KEY environment variable in your code.

5. Use the key in your agents – the inmydata Python API classes read the key from the environment and apply the user’s security context automatically developer.inmydata.com.

Treat API keys like passwords: don’t embed them in client‑side code or check them into version control.  If a key is compromised, revoke it via the API Keys settings and generate a new one.