A critical but often overlooked feature of B2B SaaS products is role-based access control. This feature is not always included in technology platforms but is considered essential for enterprise B2B SaaS solutions.
At Keen we designed and programmatically provisioned role-based access (RBAC) for users and customers by implementing access keys. We wanted to guarantee each user can explore the data they need with completely customizable permission tiers. That view drove the need for role-based access keys and giving users a single project for everything instead of siloing data into individual Keen projects.
Most often RBAC is implemented with distinct roles including administrator, editor, user, as well as other roles. RBAC is best implemented when it allows for granular and flexible customization of access to data as well as functions for a platform such as read, write, and execute. To understand further, let’s define what an access key actually is.
What is an Access Key?
An access key is an API key generated by the API to identify the source or user making a request to Keen.
You can programmatically generate, revoke, or modify access keys. For example, if you wanted to have customer-facing analytics in your app, access keys would allow individual customers to see their own data without exposing anyone else’s data. Access keys can also restrict where a user can send data or automatically include other data properties.
Each key has a defined scope of permitted operations. You can read more on how to create, revoke, or modify access keys in our documentation. Here are some use cases for our custom access keys:
- Presenting dashboards with analytics to end-users while ensuring that one customer doesn’t access another customer’s data
- Ensuring that maintenance operations within Keen such as deletes are only granted to users as needed
- Utilizing our data enrichment with webhooks to stream data into Keen
- Appending master or entity data to every event streamed into Keen with our options.write.autofill method
Access Keys At Work
Keen recently spoke to Martin Webb, founder at Tudodesk, while implementing Keen within their application. Tudodesk was planning on building a proxy server with a custom API using Node to manage pushing and pulling data from Keen. Leveraging a proxy communicating with our API is powerful and can be a robust and custom solution. However, building a proxy server in this way is time- and resource-intensive.
During implementation, the discussion between Keen and Tudodesk turned towards access keys as an alternative to building the proxy server. Martin was unaware of Keen’s access keys solution and was simply building the proxy solution as they were accustomed to solving the problem on their own and building what they needed from the ground up.
“The access key works like a charm, we will just need to store it in our DB, and pull it down to the client, but that makes life a lot easier than using a proxy at this stage,” said Martin.
Throughout our implementation process, Martin provided even more insight on why Keen’s access keys are essential for enterprise B2B SaaS solutions.
“Using the access key feature secures everything out-of-the-box,” said Martin. “Not only can we issue private, secure keys per vendor, but we can lock down what those clients’ keys can read and write. More importantly, we can pre-set filter parameters.”
Tudodesk says using access keys will allow them to create a key per vendor that filters on their Vendor ID provided by their backend. Using Keen has given them an easier solution and they’ve now proposed to scrap the proxy and write a small script to issue access keys on each vendor’s account. Martin stated that the key can then be templated into their app’s client code (HTML) and read by the client script to deliver their dashboard on the fly, giving better security and better control in less development time.
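A key templated into a vendor's HTML can be read by anyone who loads that page, so a provisioning script like the one described above can check each key's scope before issuing it. The sketch below is an added example, not Keen's or Tudodesk's code: it builds a per-vendor key definition and audits it. The field names (`permitted`, `options.queries.filters`, `options.writes.autofill`) are assumed from the access key definition format and should be checked against the documentation; the `vendor.id` property and the vendor IDs are constructed.

```javascript
// Added example. Field names are assumed from the access key definition
// format; "vendor.id" and all vendor IDs below are constructed.
function buildVendorKey(vendorId) {
  if (typeof vendorId !== "string" || !/^[A-Za-z0-9_-]+$/.test(vendorId)) {
    throw new Error("vendorId must be an ID string supplied by the backend");
  }
  return {
    name: `vendor-${vendorId}-dashboard`,
    is_active: true,
    permitted: ["queries", "writes"],
    options: {
      // Every query made with this key is restricted to the vendor's events.
      queries: {
        filters: [
          { property_name: "vendor.id", operator: "eq", property_value: vendorId },
        ],
      },
      // Every event written with this key is stamped with the vendor's ID.
      writes: { autofill: { vendor: { id: vendorId } } },
    },
  };
}

// Returns the reasons a key definition should not be templated into a
// vendor's page; an empty array means the scope matches the vendor.
function auditClientKey(key, vendorId) {
  const problems = [];
  const permitted = key.permitted || [];
  for (const p of permitted) {
    if (p !== "queries" && p !== "writes") problems.push(`unexpected permission: ${p}`);
  }
  const filters = key.options?.queries?.filters || [];
  const pinned = filters.some(
    (f) => f.property_name === "vendor.id" && f.operator === "eq" &&
      f.property_value === vendorId
  );
  if (permitted.includes("queries") && !pinned) {
    problems.push("queries are not filtered to this vendor");
  }
  if (permitted.includes("writes") &&
      key.options?.writes?.autofill?.vendor?.id !== vendorId) {
    problems.push("writes are not stamped with this vendor's ID");
  }
  return problems;
}

// Constructed sample: a key that is safe for vendor "v-1001" and one that is not.
const goodKey = buildVendorKey("v-1001");
const looseKey = { name: "shared", is_active: true, permitted: ["queries", "schema"], options: {} };
console.log(auditClientKey(goodKey, "v-1001"), auditClientKey(looseKey, "v-1001"));
```

The resulting definition would be sent to the key-creation endpoint by the backend, which holds the credential allowed to manage keys; only the scoped key reaches the client.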
At Keen, our goal is to drive value to our customers and build solutions that help them grow. Our team is dedicated to our onboarding and implementation process, guiding our customers, and pointing them in the right direction when it comes to our platform features.