timbr core
Access Control
& Governance
Timbr embeds enterprise-grade security and governance into the semantic layer, enforcing fine-grained policies across SQL, BI, and APIs to ensure compliant, role-based access that aligns with identity management and regulatory requirements.
Enterprise Identity and
Authentication Integration
Timbr natively integrates with corporate identity providers to centralize authentication and authorization:
Single Sign-On
(SSO)
Streamlines authentication via protocols like SAML and OAuth 2.0.
Azure Active Directory (AD)
Automatically map users and roles to Timbr permissions.
Token and JWT-based Access
Secure APIs and SDKs using OAuth tokens or JWTs with full user impersonation support.
These integrations align semantic access policies with enterprise identity systems, reducing administrative overhead and improving consistency.
Fine-Grained Access Control
Timbr enforces layered access controls across both metadata and data, including:
Role-Based Access Control (RBAC)
Assign access to users, teams, or business units by concept, project, or environment.
Row-Level
Security
Restrict access to individual records based on user role or business context.
Column-Level Sec. & Data Masking
Hide or anonymize sensitive fields dynamically.
Concept, Mapping, and View Permissions
Govern interaction with semantic model elements at a granular level.
Policy
Reusability
Define access rules once and apply them consistently across teams and tools.
Access controls apply uniformly to both live and cached data, ensuring consistent enforcement regardless of storage tier or query source.
Governance for Cached and Aggregated Data
Timbr’s caching engine applies the same access rules and policies to cached and pre-aggregated data as it does to live queries. This includes:
- Semantic auto-aggregations governed by access policies.
- Secure multi-tier caching that respects row- and column-level restrictions.
- Cache-aware security enforcement, ensuring no data is exposed without authorization, even in performance-optimized layers.
Security Policy Delegation and Pushdown
Organizations can choose to:
- Enforce access centrally within Timbr, or
- Push down policies to the data source, using native permissions, OAuth credentials, or mapped roles.
This hybrid governance model provides maximum flexibility for compliance and existing architectural alignment.
Auditing, Lineage, and Observability
Timbr provides a complete picture of how data is used and changed:
- Audit Trails: Track user actions, model changes, queries, and API activity.
- Semantic Lineage: Trace how concepts, views, and measures are derived from source data.
- Usage Metrics & Query Logs: Analyze usage patterns by user, model, and data source.
- Observability Integration: Stream logs and metrics to external tools for enterprise-wide monitoring.
These capabilities support GDPR, HIPAA, ISO 27001, and other regulatory compliance requirements.
Model Governance and Lifecycle Management
- Version Control: Track, compare, and revert changes across the semantic model.
- Approval Workflows: Control publishing of models and updates in production environments.
- Git Integration: Optionally sync model artifacts with Git for CI/CD alignment.
Consistent Governance Across Tools and Interfaces
All access policies are enforced uniformly across:
- SQL Clients (via JDBC / ODBC / SQLAlchemy)
- BI Tools (e.g., Power BI, Tableau, Looker, Excel)
- Programmatic APIs (REST/OpenAPI)
- AI Interfaces (via Timbr’s LangChain / GraphRAG SDKs)
