Redpoint Best Practices Documentation
Redpoint Best Practices Documentation
Breadcrumbs

Data access rights

Introduction

Organizations must balance the need for actionable insights with the imperative to protect sensitive information and comply with privacy regulations. Redpoint’s Customer Data Readiness Hub is architected to deliver granular data access rights, ensuring that every user, process, and downstream system interacts with customer data in a secure, compliant, and contextually appropriate manner. This document outlines Redpoint’s approach to supporting fine-grained data access controls.

Types of access control metadata

Redpoint’s metadata-driven architecture enables the definition and enforcement of data access rights at multiple levels:

Sensitivity & Compliance Metadata

  • What it is: Flags and tags that classify data elements by sensitivity (e.g., PII, PHI, PCI, confidential, public) and compliance requirements.

  • Examples:

    • isPII: true for fields containing personally identifiable information.

    • isPHI: true for protected health information.

    • Compliance: GDPR, RetentionPolicy: 7 years

  • Why it matters: Sensitivity and compliance metadata enable dynamic enforcement of access controls, ensuring only authorized users can view or manipulate sensitive data, and that regulatory obligations (such as right to be forgotten) are met.

Role-based access metadata

  • What it is: Metadata mapping user roles and groups to specific data access permissions.

  • Examples:

    • Role: Data Steward with full access to all customer attributes.

    • Role: Marketing Analyst restricted from viewing PII fields.

  • Why it matters: Supports least-privilege access, ensuring users only see data necessary for their function and reducing risk of unauthorized exposure.

  • What it is: Metadata recording the intended use of data and the consent status for each customer and data element.

  • Examples:

    • Purpose: Marketing, ConsentStatus: Opted-In

    • Purpose: Analytics, ConsentStatus: Opted-Out

  • Why it matters: Enables dynamic enforcement of consent and purpose limitations, supporting compliance with regulations like GDPR and CCPA, and ensuring customer preferences are respected.

Lineage & audit metadata

  • What it is: Tracks who accessed or modified data, when, and for what purpose.

  • Examples:

    • LastAccessedBy: user@company.com

    • AccessReason: Customer Support

  • Why it matters: Provides a complete audit trail for compliance, governance, and forensic analysis.

How Redpoint captures and enforces access rights

Ingestion and tagging

During data onboarding, Redpoint’s low-code/no-code interfaces allow users to tag fields with sensitivity, role, and consent metadata. Automated scanners can detect and flag PII/PHI fields for further review.

Policy definition and management

Administrators define access policies using a centralized policy engine:

  • Policies can be set at the field, record, or dataset level.

  • Policies are versioned and auditable, supporting change management and regulatory review.

Real-time enforcement

Access controls are enforced in real time across all Redpoint interfaces and APIs:

  • UI access: Data masking, redaction, or suppression based on user role and data sensitivity.

  • API access: Fine-grained permission checks for every API call, ensuring only authorized data is returned.

  • Exports/integrations: Data exports are filtered or masked according to the requesting user’s permissions and the intended downstream use.

Redpoint’s consent-aware identity resolution and activation pipelines ensure that only data with appropriate consent is used for marketing, analytics, or other downstream activities.

Making access rights metadata available to downstream systems

  • API access: Access rights metadata is exposed via REST APIs, enabling downstream systems to enforce the same granular controls.

  • Data exports: Exports include access rights metadata, allowing external BI tools or data lakes to respect Redpoint’s access policies.

  • Catalog integration: Redpoint’s data catalog includes access rights and sensitivity tags, supporting enterprise-wide governance and compliance.

Granular access rights for managing sensitive information across various contexts

  • Data privacy compliance: Automatically restricts access to personally identifiable information (PII) and protected health information (PHI) for unauthorized users, aiding organizations in adhering to data protection regulations.

  • Field-level masking: Allows organizations to mask or redact sensitive fields in reports or dashboards, preventing non-privileged users from accessing critical information and protecting against data breaches.

  • Consent-driven marketing: Helps organizations manage customer outreach by suppressing marketing communications for customers who have not provided explicit consent, enhancing customer relationships and ensuring legal compliance.

  • Audit and forensics: Granular access rights provide detailed logs of data access, including who accessed the data, when, and why, enabling accountability and compliance with regulations.

Conclusion

Redpoint’s metadata-driven approach to granular data access rights ensures that organizations can confidently unify, activate, and govern customer data, balancing the need for insight with the imperative of privacy and compliance. By embedding access control metadata throughout the data lifecycle and enforcing policies in real time, Redpoint empowers organizations to deliver trusted, compliant, and personalized customer experiences at scale.

Granular access rights are not just a technical feature—they are a strategic enabler for responsible, customer-centric data operations.

For more details on Redpoint’s metadata-driven architecture and its role in data readiness, see the Metadata documentation.