Knogin
[Developers]

Data Access Domain

A field operative needs to access sensitive investigation data while working in an area with limited connectivity. She cannot just download everything, access to specific datasets requires documented approval, and the ac

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainscompliance

Overview#

A field operative needs to access sensitive investigation data while working in an area with limited connectivity. She cannot just download everything, access to specific datasets requires documented approval, and the access should expire when the field deployment ends. Her supervisor approves the request, a time-limited access grant is issued, and the data synchronises to her device. When the deployment ends, the access expires automatically and is revoked, with the full approval and expiration lifecycle recorded in the audit trail.

The Data Access domain manages that controlled access workflow: requests, approvals, grants, expirations, and revocations, all auditable.

Key Features#

  • Data access request and approval workflows.
  • Permission management for investigation-scoped data.
  • Offline mode data synchronisation support.
  • Access expiration and revocation management.
  • Audit logging for all data access events.
  • Role-based access control integration.
  • Organisation-scoped data access policies.
  • Temporary access grants with configurable duration.

Use Cases#

Field operatives working in remote or low-connectivity environments request and receive approved data access grants with offline synchronisation, giving them investigative data when network access is unavailable.

Intelligence analysts with temporary secondment to joint investigations request time-limited access to datasets outside their normal permissions, with the grant automatically expiring when the secondment ends.

Audit teams track and audit data access across organisational boundaries, using the complete access event log to confirm that only authorised personnel accessed sensitive investigation data and that all grants were properly approved.

Compliance officers enforce time-limited access policies for contractors and temporary team members, ensuring that access to sensitive data does not persist beyond the approved engagement period.

Integration#

Integrates with offline mode and investigation domains for data access lifecycle management.

Open Standards#

  • GraphQL (June 2018 specification): All data access and offline sync operations are exposed as typed GraphQL queries and mutations, enabling strongly-typed, introspectable API contracts for clients requesting or syncing investigation data.
  • OAuth 2.0 (RFC 6749) and JSON Web Tokens (RFC 7519): Every API call is authenticated with an RS256-signed bearer JWT validated against a JWKS endpoint; organisation and user claims carried in the token scope all access-grant and sync operations.
  • OASIS XACML 3.0 (eXtensible Access Control Markup Language): The platform enforces attribute-based access control via an XACML 3.0 policy evaluator on every data sync operation, using standard XACML subject, resource, and action attribute categories to reach permit/deny decisions.
  • Role-Based Access Control (RBAC, NIST RBAC Model SP 800-63): Role hierarchies from the platform's built-in RBAC catalogue are evaluated alongside XACML policies to enforce least-privilege access for investigation-scoped data grants.
  • ISO/IEC 27037:2012 (Digital Evidence): Audit logging of all data access events follows the evidence-collection and preservation requirements of ISO/IEC 27037, ensuring the full approval and expiration lifecycle is admissible for compliance reviews.
  • JSON (RFC 8259 / ECMA-404): Sync operation payloads, entity values, and conflict records are exchanged and stored as JSON, providing an interoperable, schema-agnostic data format between field devices and the server.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.