
Proposal for private tables & visualizations on CartoDB

Álvaro Ortiz edited this page Apr 3, 2014 · 5 revisions

This functionality is already available in the CartoDB Dashboard:


This document describes the functionality we could add to allow finer control over access to tables and visualizations on CartoDB. First comes the functionality we think CartoDB should offer, then a possible way of implementing it:

Functionality to add:

  • There is no need to make all tables public in order to publish a visualization. Tables stay public or private. Change the text when you are going to change it. For a table you have the option to:

Choose access level:

    • (Open, green) Data can be queried, downloaded and visualized TABLE_OPEN
    • (Only Vizz, yellow) Data can only be visualized on maps TABLE_ONLY_VIZZ
    • (Private, red) Data can only be accessed and used by authenticated users. TABLE_PRIVATE
  • Visualization will be possible to make them public or restrict access: A dialog will appear when sharing a visualization that says: Who can view this visualization?

  • Anyone on the Internet can see this visualization LISTED

  • Only those with a link: Only those who receive the link. Visualization will not be listed NOT_LISTED

  • Only people with a link and a password: You will set a password PASSWORD_PROTECTED

  • Only other users of your organization (this will be grayed out until we have the users functionality; it is present there for commercial purposes)

  • Only you PRIVATE

How does this work internally?

  • The Visualization model in Ruby will be extended to have a "sharing option", with 4 possible values (listed, not_listed, password_protected, private)

  • We have a new PostgreSQL user called mapuser with GRANT SELECT on the tables involved in any visualization whose mode is listed, not_listed or password_protected

  • Only you: Stays the same; you need to pass the api_key to the tiler to get access. The tiler connects to the DB with the PostgreSQL user of the username linked to the api_key. http://username.cartodb.com/viz/sf3ffj redirects to a 404 if the request is not authenticated on Rails.

  • Anyone on the Internet: The URL looks like http://username.cartodb.com/viz/sf3ffj (listed). The tiler connects with the mapuser PostgreSQL user.

  • Only people with a link: The URL looks like http://username.cartodb.com/viz/sf3ffj/ (not_listed). The tiler connects with the mapuser PostgreSQL user.

  • Only people with a password: The URL looks like http://username.cartodb.com/viz/sf3ffj/. When the user enters, Rails detects that it is a password_protected visualization and requires a password. It checks the password against the one stored in the database for this visualization and, if they match, lets the user through to the visualization. The tiler connects with mapuser.

Security considerations:

  • The most important point is that by decoupling the SQL API user from the map user we can stop people from downloading and querying data. Someone who manages to obtain a visualization id (sf3ffj) cannot see the map, because they will not be allowed to fetch the vizjson definition unless they have the password.

  • When a table is TABLE_OPEN, SELECT on it is granted to publicuser and mapuser

  • When a table is TABLE_ONLY_VIZZ, SELECT on it is granted to mapuser only

  • When a table is PASSWORD_PROTECTED, only the owner and the superadmin have access.

The tiler will always connect as mapuser unless the request is authenticated, in which case it connects as the owner.
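As an added example (not CartoDB's own code), here is a Ruby sketch of the rules above: which roles get SELECT per table level, the idempotent grant SQL a model callback could run, the lifting of a private table when a visualization using it is shared, which role the tiler connects with, and whether a vizjson request should be served. The role names publicuser and mapuser come from this page; the function names and the "lift to TABLE_ONLY_VIZZ" reading of the mapuser grant are my own assumptions.

```ruby
# Added illustration of the access proposal; not CartoDB code.
TABLE_LEVELS    = %i[table_open table_only_vizz table_private].freeze
SHARING_OPTIONS = %i[listed not_listed password_protected private].freeze
# Sharing modes in which the tiler serves the map as mapuser.
PUBLIC_SHARING  = %i[listed not_listed password_protected].freeze

# Shared roles allowed to SELECT a table at a given level (owner always can).
def readers_for(level)
  case level
  when :table_open      then %w[publicuser mapuser]
  when :table_only_vizz then %w[mapuser]
  when :table_private   then []
  else raise ArgumentError, "unknown access level #{level.inspect}"
  end
end

# SQL that reconciles a table's grants with its level: revoke from both
# shared roles first, then grant SELECT back to the allowed ones, so that
# re-running it after a level change leaves no stale privilege behind.
def grant_sql(table, level)
  ident = '"' + table.gsub('"', '""') + '"'   # quote the identifier
  sql = ["REVOKE ALL ON #{ident} FROM publicuser, mapuser;"]
  readers_for(level).each { |role| sql << "GRANT SELECT ON #{ident} TO #{role};" }
  sql
end

# Level a table must effectively have once a visualization using it is shared
# beyond the owner: mapuser needs SELECT, so TABLE_PRIVATE becomes
# TABLE_ONLY_VIZZ (assumption); an open table stays open.
def effective_level(level, sharing)
  raise ArgumentError, "unknown sharing #{sharing.inspect}" unless SHARING_OPTIONS.include?(sharing)
  return level unless PUBLIC_SHARING.include?(sharing)
  level == :table_private ? :table_only_vizz : level
end

# PostgreSQL role the tiler connects with: the owner only when the request
# carried a valid api_key, mapuser in every other case.
def tiler_role(owner, authenticated:)
  authenticated ? owner : "mapuser"
end

# Whether Rails should hand out the vizjson definition for a visualization.
def vizjson_allowed?(sharing, authenticated:, password_ok:)
  case sharing
  when :listed, :not_listed then true
  when :password_protected  then authenticated || password_ok
  when :private             then authenticated
  else raise ArgumentError, "unknown sharing #{sharing.inspect}"
  end
end
```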
