Introducing Access Filters
Spider introduces its nex 'Access filters' feature to restrict data access within the captured data.
Concept
Previously, any user having access to a Whisperer could see all data captured.
Now, you may restrict access to captured data:
- Enable each view -
HTTP
,TCP
,PACKET
- independently, - Restrict accessible data with a specific filter
- Remove the HTTP headers you do not want to expose to certain users
- Remove access to the HTTP payloads
- Useful to get access to statistics and patterns without having access to confidential data
- Define a set of filters as default for new team members
Sample use cases
- Production
- Give production data access to developers without leaking credentials
- Give production statistics and behavior access to developers without giving data access (and leaking PII)
- Allow high level data access without giving low level access
- Allow restricted access in production to a product squad in order to check or troubleshoot a new deployment
- Integration
- Create restricted access accounts with predefined filters for 3rd party integration campaign
These use cases are described in the documentation.
How does it work?
- It is integrated within the
Team
feature - Team administrators may define as many
Access filters
as they need- They associate filters to
Whisperers
andUsers
- They associate filters to
- When selecting a Team to get its access, the filters are injected in the newly generated security token.
- The filters are applied on all API used to retrieve captured data.
User interface
Managing Access Filters
Access Filter are created and managed in Team Access filters
tab:
Edit form:
Managing existing filters:
Access filters in User profile:
Applied access filters
When a user associated to Access Filters selects one of the filter Whisperers, a badge is displayed next to the Team and Whisperer badges:
It tells what filter applied, and shows a lock icon, indicating that the filters cannot be removed.
A tooltip explains the filters applied.
Feedback
Do you like this new feature? Any comment?
Send me a mail, or a support ticket :)