Organization & Security

Access control, API keys, certificates, and connection monitoring.

Every organization has fine-grained security controls. Define user roles, folder-level permissions, API key scoping, and security group membership. Permissions are enforced inside the query engine, not at the gateway — the same dashboard URL shows different data to different users.

Security at the Query Layer

Role-based access control in GroveStreams isn't a gateway filter or an application-layer check — it's enforced inside the query engine itself.

  • When users interact through the UI, GS SQL, the AI assistant, or OAuth-authenticated OData connections, the query engine filters results by their individual permissions
  • If a user doesn't have read access to a component, that component's data is absent from query results entirely — not just hidden in the UI
  • Security-aware dashboards: The same dashboard viewed by two different users shows different sets of components based on each user's access rights. An operations manager sees their region; a field technician sees only their assigned equipment — same dashboard, same URL, different data
  • API keys provide a separate security model for system-to-system integration — scoped by endpoint, resource type, IP address, and domain whitelist

Access Control

Two layers of control: an org-level setting that flips the entire org public or private, and per-folder/per-object permissions accessed via right-click → Properties → Security — familiar from any operating system. Both are enforced inside the query engine.

Org-level public/private setting controlling default visibility for the entire organization
Org-level: a single setting flips the entire org public or private.
Properties dialog showing the Security tab for a folder or object, with user and group permission entries
Per-object: right-click → Properties → Security on any folder, component, dashboard, map, or tool.

API Keys

API keys provide a separate security model for system-to-system integration. Scope each key by endpoint, resource type, IP address, and domain whitelist — or grant broad access for trusted internal services. Keys can be rotated and revoked without touching user permissions.

API key management panel listing the org's keys with scope summaries
All API keys for the org, with scope summaries.
API key editor showing granular per-resource and per-operation scoping
Granular per-resource and per-operation scoping on a single key.

Users, Groups & Their Permissions

This is where you add and remove users from the organization and configure each user's security. Group users into roles — operators, technicians, regional managers — so permissions can be assigned by group rather than by individual. Groups appear as an option anywhere a Security tab takes user/group entries, keeping org-wide policy consistent.

Groups editor managing the list of user groups in the organization
Define groups that map to your operational roles.
User and group rights editor — the central place to add/remove users from the org and configure their security
Add or remove users and configure each user's security.

Secure Your Data

Enterprise-grade security from day one.

SIGN UP FREE