Simplifying AI Data Access with Granular Control: How Liberator's Entitlements Engine Enables Secure Model Training

The promise of AI-driven financial insights depends on one critical factor: access to high-quality, diverse datasets. But in the financial services industry, data access isn't just about connectivity—it's about compliance, security, and fine-grained control over who sees what, when, and how much.

CloudQuant's Data Liberator platform solves this paradox through its sophisticated entitlements service engine, providing AI teams with streamlined access to financial datasets while maintaining the granular controls that enterprise security and compliance teams demand.

The AI Data Access Challenge

Modern AI models—whether for market prediction, risk assessment, or algorithmic trading—require training on diverse historical datasets. Data teams need to:

• Access historical market data across multiple symbols and timeframes
• Correlate patterns across different data providers
• Run iterative experiments with different dataset combinations
• Validate model performance against out-of-sample data

Traditional approaches force teams to choose between two undesirable extremes:

• Open access: Dump entire datasets into data lakes, losing audit trails and fine-grained control
• Restricted access: Gate every dataset behind manual approval processes, killing productivity

How Liberator's Entitlements Engine Works

Liberator's entitlements service provides a middle path: programmatic access with policy-based controls. Here's how it transforms AI workflows:

RESTful API with Built-in Authorization

Every API request to Liberator passes through the entitlements engine. Data teams authenticate once using OIDC, and their token carries their entitlements:

bash

curl -H Content-Type:application/json -d '{"name":"dataset","user":"data-scientist","token":"your-token-here"}' https://liberator.cloudquant.ai/liberator/query

Behind the scenes, the entitlements engine validates:

• Does this user have access to this dataset?
• Are they entitled to query the requested symbols specifically?
• Does their subscription tier allow this date range?
• Are they within their rate limits and record quotas?

Dataset-Level and Symbol-Level Controls

Unlike monolithic data platforms, Liberator supports entitlements at multiple granularities:

Dataset-level: Grant access to entire datasets like "US Equities" or "Options Data"

Symbol-level: Restrict access to specific tickers or asset classes—perfect for teams working with proprietary watchlists or sector-specific models

Field-level: Control which columns are visible (price, volume, bid/ask spreads, etc.)

This means your equity research team can access large-cap constituents while your options desk sees only their authorized derivatives universe—all from the same platform.

Time-Based Access Patterns

AI models need historical data, but not all users need real-time access. Liberator's entitlements engine supports:

• Lookback windows: "Access the last 5 years of data" rather than "all historical data"
• Embargo periods: Restrict access to recent data for users on delayed feeds
• Time-boxed experiments: Grant temporary access for specific research projects

This aligns data access with both business needs and licensing constraints from upstream providers.

Audit Trails for Compliance

Every query generates detailed audit logs:

• Who accessed which datasets
• What symbols and date ranges were requested
• How many records were returned
• When the access occurred

For SOC2-compliant organizations (like CloudQuant), these logs feed directly into security information and event management (SIEM) systems, providing the paper trail auditors require.

Real-World AI Workflow: Model Training with Liberator

Let's walk through how a data science team uses Liberator to train a market correlation model:

1. Discovery Phase

python

import liberator

# List available datasets the user is entitled to, with schema details
datasets = liberator.datasets(
    entitled=True,
    details=True,
    schema=True,
    user="data_scientist",
    token="your-token-here"
)

Outcome: The data scientist sees only datasets they're entitled to access—no time wasted exploring restricted data.

2. Historical Data Retrieval

python

import liberator

# Query 3 years of daily data for large-cap equities
liberator.url = 'https://liberator.cloudquant.com'

df = liberator.get_dataframe(
    liberator.query(
        name="equity_market_data",
        symbols="TICKER_A,TICKER_B,TICKER_C,TICKER_D",
        back_to="2021-01-01",
        as_of="2023-12-31",
        fields="close,volume,adj_close",
        user="data_scientist",
        token="your-token-here"
    )
)

Outcome: The entitlements engine validates the request in milliseconds. If approved, data streams directly into the model training pipeline.

3. Iterative Experimentation

As the model evolves, the team needs additional data:

python

# Add correlation with sector ETFs
sector_df = liberator.get_dataframe(
    liberator.query(
        name="equity_market_data",
        symbols="ETF_SECTOR_A,ETF_SECTOR_B,ETF_SECTOR_C",
        back_to="2021-01-01",
        as_of="2023-12-31",
        user="data_scientist",
        token="your-token-here"
    )
)

Outcome: No need to file tickets or wait for manual approvals—if the user is entitled to the requested symbols, they get instant access.

4. Out-of-Sample Validation

For model validation, the team queries recent data:

python

# Get recent data for backtesting (last 250 records per symbol)
validation_df = liberator.get_dataframe(
    liberator.query(
        name="equity_market_data",
        symbols="TICKER_A,TICKER_B,TICKER_C,TICKER_D,ETF_SECTOR_A,ETF_SECTOR_B,ETF_SECTOR_C",
        back_to="2024-01-01",
        record_limit=-250,
        user="data_scientist",
        token="your-token-here"
    )
)

Outcome: The entitlements engine ensures the user can only access data within their subscription's recency limits.

The Enterprise Security Advantage

While data scientists experience seamless access, the security team maintains complete control:

• Centralized Policy Management: Update entitlements, and changes propagate instantly 
• Principle of Least Privilege: Grant access to exactly the datasets and symbols each user needs—nothing more
• Integration with Identity Providers: Leverage existing LDAP, Active Directory, or SAML/OIDC infrastructure
• Rate Limiting and Quotas: Prevent abuse and manage costs by limiting query frequency and data volume per user
• Multi-Tenant Isolation: Different client organizations see completely separate data universes, even on shared infrastructure

Beyond Traditional Data Lakes

Traditional data lakes require AI teams to:

• Request dataset access through tickets
• Wait for data engineering to make the data available
• Learn proprietary query languages or tools
• Manage data copies and versions locally
• Lose visibility into who accessed what data

Liberator's entitlements-driven approach flips this model:

• Self-service within guardrails: Users query what they need, when they need it
• No data movement: Data stays in place; APIs provide virtual access
• Standard interfaces: RESTful APIs with JSON responses work with any ML or AI framework
• Live data: Always query the latest available data, no stale copies
• Complete auditability: All access logged and traceable

Real-World Impact

CloudQuant's Data Liberator platform, powered by its entitlements service engine, enables financial institutions to:

• Accelerate AI development cycles from weeks (waiting for data access) to hours (self-service queries)
• Maintain compliance with SOC2, regulatory requirements, and vendor licensing agreements
• Reduce infrastructure costs by eliminating redundant data stores and copies
• Scale data access across hundreds of users without compromising security
• Simplify vendor management by aggregating multiple data providers behind a unified API

Getting Started

CloudQuant Data Liberator gives your data teams instant, governed access to institutional-grade financial data—without the tickets, the wait, or the compliance risk. Secure by default. Auditable by design. Ready when your team is.

Stop building access infrastructure. Start building better models.

Contact us to see it in action.