SNAP Privacy and Access Control
SNAP handles mixed-sensitivity data and therefore applies layered privacy and access controls.
Access control principles
- Least privilege by default
- Role-based access to datasets and actions
- Explicit workspace scopes
- Audit logging for sensitive operations
Permission levels (simulated)
- read_public
- read_restricted
- manage_metadata
- run_ingestion
- publish_dataset
Privacy protections
- Masking of sensitive attributes
- Aggregation thresholds for small cells
- Suppression flags for disclosure risk
- Retention windows for transient extracts
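The aggregation threshold and suppression flag above, worked through as an added example that is not part of the SNAP page. The threshold of 5, the row layout and the region values are constructed for illustration; the example also applies secondary (complementary) suppression, which the page does not mention but which is needed whenever a total is published alongside a single suppressed cell, since the small cell could otherwise be recovered by subtraction.

```python
# Added example (not SNAP code): aggregation thresholds with suppression flags.
from collections import Counter

MIN_CELL_COUNT = 5  # assumed disclosure threshold; the page gives no number

# Constructed sample extract: 7 north, 6 south, 2 east rows.
SAMPLE_ROWS = (
    [{"region": "north", "income_band": "B"}] * 7
    + [{"region": "south", "income_band": "A"}] * 6
    + [{"region": "east", "income_band": "C"}] * 2
)


def aggregate_counts(rows, group_key, min_count=MIN_CELL_COUNT, publish_total=True):
    """Count rows per group and flag cells below the threshold.

    Returns {"total": int | None, "cells": {group: {"count", "suppressed"}}}.
    A suppressed cell carries count None so the small value never leaves.
    """
    counts = Counter(row[group_key] for row in rows)
    total = sum(counts.values())
    suppressed = {g for g, n in counts.items() if n < min_count}

    # Secondary suppression: with a published total and exactly one suppressed
    # cell, total - (sum of visible cells) would reveal it, so the smallest
    # remaining cell is suppressed as well.
    if publish_total and len(suppressed) == 1 and len(counts) > 1:
        remaining = [g for g in counts if g not in suppressed]
        suppressed.add(min(remaining, key=lambda g: counts[g]))

    cells = {
        g: {"count": None if g in suppressed else n, "suppressed": g in suppressed}
        for g, n in counts.items()
    }
    return {"total": total if publish_total else None, "cells": cells}


if __name__ == "__main__":
    print(aggregate_counts(SAMPLE_ROWS, "region"))
```

With the sample rows, "east" (2) falls under the threshold; because a total is published, "south" (6) is suppressed too, and only "north" (7) is released with its count. Pass `publish_total=False` to see that the secondary suppression is then unnecessary.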
Data sharing guardrails
- Restricted datasets cannot be exported without an elevated role.
- Public links omit hidden metadata fields.
- Download tokens expire after a short time window.
Session and token practices
- Short-lived session tokens
- Signed API requests for programmatic access
- Rotation and revocation support
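The short-lived, signed download token described in the two sections above, as an added example that is not SNAP's own implementation. It assumes an HMAC-SHA256 signature over a base64url-encoded JSON payload, a server-side key, and a revocation set; the key, dataset id, role name and timestamps are constructed values. Rotation is handled by verifying against whichever key is current, so a token issued under an old key fails verification once the key changes.

```python
# Added example (not SNAP code): signed, expiring download tokens.
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-key-rotate-me"  # constructed; a real key is random and per-deployment


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_download_token(key, dataset_id, role, ttl_seconds, now=None):
    """Return '<payload>.<hexsig>' valid for ttl_seconds from now."""
    now = time.time() if now is None else now
    payload = {"dataset": dataset_id, "role": role, "exp": int(now + ttl_seconds)}
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_download_token(key, token, now=None, revoked=frozenset()):
    """Return the payload if the signature, expiry and revocation checks pass, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    # Check the signature before parsing anything, using a constant-time compare.
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    if token in revoked:
        return None
    payload = json.loads(_unb64(body))
    if payload["exp"] <= now:
        return None
    return payload


if __name__ == "__main__":
    tok = issue_download_token(KEY, "ds-public-001", "analyst", ttl_seconds=300)
    print(verify_download_token(KEY, tok))
```

The revocation set is keyed on the whole token string; a production service would usually index on a token id inside the payload so that the set stays small. Expiry is checked with `<=` so a token is invalid at the exact expiry second, not one second later.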
Debug test cases
- Open restricted dataset as guest role (should deny).
- Export public dataset as analyst role (should allow).
- Trigger masked view for sensitive columns.
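The permission levels, role-based access, masking, audit logging and export guardrail from the sections above, exercised against the three debug test cases. This is an added example, not SNAP's implementation: the role-to-permission mapping, the rule that exporting a restricted dataset needs `publish_dataset`, the two dataset records and their rows are all assumptions made for illustration.

```python
# Added example (not SNAP code): role-based access checks with masked views.
PERMISSIONS = {"read_public", "read_restricted", "manage_metadata",
               "run_ingestion", "publish_dataset"}

ROLES = {  # assumed mapping; least privilege: guest gets only read_public
    "guest": {"read_public"},
    "analyst": {"read_public", "read_restricted"},
    "steward": {"read_public", "read_restricted", "manage_metadata", "run_ingestion"},
    "publisher": set(PERMISSIONS),
}

DATASETS = {  # constructed records
    "ds-public-001": {"sensitivity": "public", "sensitive_columns": set(),
                      "rows": [{"region": "north", "count": 7}]},
    "ds-restricted-042": {"sensitivity": "restricted", "sensitive_columns": {"ssn"},
                          "rows": [{"region": "south", "ssn": "000-00-0000"}]},
}

AUDIT_LOG = []  # in-memory stand-in for the audit trail


class AccessDenied(Exception):
    pass


def required_permission(dataset, action):
    restricted = dataset["sensitivity"] == "restricted"
    if action == "open":
        return "read_restricted" if restricted else "read_public"
    if action == "export":
        # Guardrail: restricted data leaves only with the elevated publish right (assumed).
        return "publish_dataset" if restricted else "read_public"
    raise ValueError(f"unknown action {action!r}")


def authorize(role, dataset_id, action):
    dataset = DATASETS[dataset_id]
    needed = required_permission(dataset, action)
    allowed = needed in ROLES.get(role, set())
    # Sensitive operations (restricted access, any export, any denial) are audited.
    if dataset["sensitivity"] == "restricted" or action == "export" or not allowed:
        AUDIT_LOG.append({"role": role, "dataset": dataset_id,
                          "action": action, "allowed": allowed})
    if not allowed:
        raise AccessDenied(f"{role} lacks {needed} for {action} on {dataset_id}")
    return dataset


def masked_view(dataset):
    """Replace sensitive attribute values with a fixed mask for every caller."""
    cols = dataset["sensitive_columns"]
    return [{k: ("***" if k in cols else v) for k, v in row.items()}
            for row in dataset["rows"]]


def open_dataset(role, dataset_id):
    return masked_view(authorize(role, dataset_id, "open"))


def export_dataset(role, dataset_id):
    return masked_view(authorize(role, dataset_id, "export"))


def run_debug_cases():
    """The page's three debug cases; returns the observed outcome of each."""
    results = {}
    try:
        open_dataset("guest", "ds-restricted-042")
        results["guest_open_restricted"] = "allow"
    except AccessDenied:
        results["guest_open_restricted"] = "deny"
    try:
        export_dataset("analyst", "ds-public-001")
        results["analyst_export_public"] = "allow"
    except AccessDenied:
        results["analyst_export_public"] = "deny"
    rows = open_dataset("analyst", "ds-restricted-042")
    results["sensitive_columns_masked"] = all(r["ssn"] == "***" for r in rows)
    return results


if __name__ == "__main__":
    print(run_debug_cases())
    print(AUDIT_LOG)
```

Running the cases yields deny, allow and a fully masked view respectively, and the audit log records the denied guest attempt, the analyst export and the restricted open. Exporting the restricted dataset as `analyst` is also denied, which is the guardrail from the sharing section.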
Incident response simulation
If suspicious activity is detected:
- Session is invalidated.
- High-risk endpoints are temporarily blocked.
- Security event is recorded for review.
