Skip to main content

Access Control System

Athinia’s access control system is designed to meet the security and compliance needs of the semiconductor industry. It uses a layered security architecture based on enterprise standards and strong security protocols, supporting data sovereignty and enabling controlled collaboration among supply chain partners.

User and Group Management

Enterprise identity integration forms the foundation of secure access control. The platform provides centralized identity management through Users and Groups with comprehensive role-based access control capabilities.

The system seamlessly integrates with existing identity infrastructure:

  • Full integration with Active Directory, LDAP, and modern identity providers (SAML or OIDC compliant)
  • Support for complex organizational hierarchies and matrix reporting structures
  • Automated user provisioning and deprovisioning workflows that maintain security hygiene

Key security features ensure robust authentication and session management:

  • Multi-factor authentication enforcement with configurable policies
  • Session timeout controls and concurrent session limitations
  • Geographic access restrictions and device-based access controls

Project-Level Security Architecture

Project-based compartmentalization creates secure boundaries for sensitive work. Through Project Permissioning, organizations can establish isolated workspaces where Projects serve as the primary security boundary in Foundry, organizing users, files, and folders for collaborative purposes.

The hierarchical permissioning model includes:

  • Security boundaries that enforce work containment, ensuring transformation logic and outputs live together within the same Project
  • Group-based role management at the Project level with inheritance to all contained resources
  • Reference system for securely accessing datasets from other Projects without requiring upstream access

Roles Configuration enables precise operational permissions through default roles (Owner, Editor, Viewer, Discoverer) with customizable role hierarchies, allowing administrators to define exactly what each user can access and modify within their assigned projects.

Data Classification and Marking

Security markings provide mandatory access control through comprehensive data classification labels that travel with the data. The Security Markings system enforces binary (all-or-nothing) access control where users must satisfy all marking requirements to access any resource.

Markings are inherited along both file hierarchies and data dependencies, ensuring that derived datasets automatically inherit classifications from their source data. Key capabilities include:

  • Conjunctive access control (users must have access to ALL markings on a resource)
  • Automatic inheritance through data pipelines and transformations
  • Support for proprietary classification schemes (Confidential, Restricted, Internal Use Only)

The system prevents unauthorized data mixing by propagating markings through all data transformations and analysis workflows. Unlike role-based permissions which are discretionary, markings provide mandatory controls that require centralized Expand Access permissions to modify. Visual indicators and scoped sessions help users understand data sensitivity levels while maintaining operational efficiency through controlled access to subsets of available markings.

Row-Level Security Controls

Fine-grained data access control operates at the individual record level through Row-level Access Restricted View Policies. This capability enables secure data sharing scenarios where different users need access to different subsets of the same dataset.

Restricted views are built on top of backing datasets and use policies that compare user attributes (User ID, Username, Group IDs, Marking IDs) with column values and data properties. These views provide dynamic access control while maintaining the underlying data structure and cannot be used as inputs for transforms.

Implementation benefits include:

  • Dynamic data masking for sensitive information based on user clearance
  • Conditional access based on data sensitivity scores and user attributes
  • Support for customer-specific data isolation requirements
  • Compliance with data residency and sovereignty requirements
  • Flexible policy system that evaluates user context against data properties

This approach enables collaborative scenarios like supplier scorecards without exposing proprietary competitive information, maintaining business relationships while protecting sensitive data. Restricted views are typically used to back object types in Ontologies, providing a secure foundation for application-level data access.

Advanced Encryption Controls

Customer-managed encryption provides the highest level of data protection through Cipher capabilities. Organizations maintain complete control over cryptographic operations through Cipher Channels and licensing systems while benefiting from enterprise-grade encryption infrastructure.

The encryption architecture includes:

  • Multiple cryptographic algorithms including AES-GCM-SIV (probabilistic), AES-SIV (deterministic), and SHA-2
  • Cipher Channels for secure key management with stretching key derivation functions
  • Granular licensing system with Operational User, Data Manager, and Admin licenses for different access levels
  • Column-level encryption and decryption capabilities with full audit trails
  • Support for encrypted data joins and aggregations using deterministic algorithms

The system provides comprehensive access control through three license types: Operational User licenses for individual value operations with rate limiting, Data Manager licenses for column-level operations in Pipeline Builder and Contour, and Admin licenses for Transform-based operations with cryptographic key access. All operations are fully auditable at the cell level, ensuring complete visibility into encryption and decryption activities.

This comprehensive access control framework ensures semiconductor organizations can maintain the highest security standards while enabling necessary collaboration across the supply chain ecosystem. The combination of technical controls, operational procedures, and governance frameworks provides defense-in-depth protection for the most sensitive industry information.