en-asset-sharing-data-catalog
title: Asset Sharing - Data Catalog draft: true sidebar_position: 4
Overview
The data catalog system offers advanced functionalities for secure asset sharing, allowing users to control data access granularly through two main methods: link sharing and signed asset embedding.
1. Asset Link Sharing
Functionality
Asset sharing enables users to generate links to provide access to specific catalog resources, with full control over visibility and access permissions.
How to Use
-
Access the Sharing Menu
- Navigate to the desired asset in the catalog
- Click the button with the link icon to open the sharing menu
- A modal will be displayed with configuration options
-
Configure Visibility
-
Private Link (Default): Requires platform authentication
- Users need to be logged in to view the asset
- Maintains security for sensitive data
- Access control based on user permissions
-
Public Link: Allows access without authentication
- Anyone with the link can view the asset
- Ideal for sharing with external stakeholders
- Use with caution for sensitive data
-
Default Configuration
- Default Visibility: All catalog assets are created with private visibility
- Security: Private links ensure only authenticated users have access
- Flexibility: Visibility can be changed at any time by the asset owner
Use Cases
- Private Links: Internal team sharing, confidential reports
- Public Links: Stakeholder dashboards, public reports, external documentation
2. Signed Asset Embedding
Functionality
The signed embed system uses JWT (JSON Web Token) tokens to allow temporary and secure access to specific catalog assets, without requiring direct platform authentication.
Security Architecture
Initial Setup (Super Admin)
-
RS256 Key Pair Generation
Use OpenSSL to generate the required key pair:
# Generate RS256 private key
openssl genrsa -out private_key.pem 2048
# Extract public key from private key
openssl rsa -in private_key.pem -pubout -out public_key.pem⚠️ IMPORTANT - Security Disclaimer:
It is the client's exclusive responsibility to protect and ensure the security of the private key. Dadosfera is not responsible for leaks, misuse, or compromise of private keys. Always keep your private key in a secure environment and never share it. -
Public Key Registration on Platform
- Access the platform Home
- Click on the organization name in the upper corner
- Select "My Organization"
- Navigate to the "Public Key" section
- Paste the generated public key content (
public_key.pemfile) - Save the settings
JWT Token Generation
-
Asset Identification
- To obtain the asset ID needed for the JWT:
- Navigate to the desired asset in the catalog
- Click the button with link icon (for sharing modal)
- OR click the button with iframe icon (for embed modal)
- The asset ID will be displayed in the corresponding modal
- To obtain the asset ID needed for the JWT:
-
Token Creation
- Client generates a JWT using their corresponding private key
- Token should contain only essential information
- Set appropriate expiration time
-
Simplified JWT Structure
{
"sub": "sharing_id",
"exp": 1234567890
}Where:
sub: Sharing ID (obtained from link or embed modal)exp: Token expiration timestamp
How to Use
-
Generate Access URL
- Build URL in the format:
https://app.dadosfera.ai/en-US/share/{jwt_token} - Replace
{jwt_token}with the generated JWT token - Example:
https://app.dadosfera.ai/en-US/share/eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
- Build URL in the format:
-
Access Validation
- The system automatically validates the JWT token
- Verifies signature using the registered public key
- Confirms the token has not expired
- Redirects to the asset corresponding to the sharing ID
System Advantages
- Security: Temporary access with automatic expiration
- Flexibility: Granular control over which assets to share
- Integration: Facilitates embedding in external applications
Use Cases
- External Dashboards: Incorporating charts into customer portals
- Temporary Reports: Time-limited access for auditors
- Partner Integrations: Secure sharing with third-party systems
- Presentations: Embedding data in slides or documents
Security and Best Practices
General Recommendations
- Always review visibility settings before sharing
- Use private links for sensitive data
- Configure appropriate expiration times for JWT tokens
Limitations
- Expired JWT tokens do not allow access to assets
- Public links do not have granular access control
- Changes to the public key invalidate all existing tokens
- Deleted assets make links/embeds unavailable
Support
For technical questions or issues with asset sharing, contact the support team through the platform's official channels.