Code Mode security
Yellowfin provides a security plan to ensure that code in Code Mode is edited only by trusted users. Administrators must first turn on Code Mode via specific configurations, and then provide the correct role function to trusted users to allow them to edit code. Note that both of these settings are disabled by default, and both must be enabled to edit code in Code Mode.
Note: these settings provide control to users who want to edit or add code via Code Mode. Any functionality added via this feature can be ‘consumed’ by users of the dashboard, regardless of their code editing role function.
Below are step-by-step instructions for each.
Code Mode configurations
Code Mode configurations need to be enabled to edit dashboard code, and run dashboards that were edited in Code Mode. Dashboards that were edited in Code Mode will not run any custom HTML and JavaScript content (a placeholder appears in place of custom coded content), or apply any CSS styling if the Code Mode configuration is disabled for that instance of Yellowfin.
Follow the steps below to enable the Code Mode configurations.
- Navigate to Administration > Configuration.
- Click on the System icon, and expand the Security tab.
- Enable the Dashboard Code Mode toggle to turn on Code Mode for dashboards and Present in the current Yellowfin instance. Enabling this will also bring up another Code Mode setting; see the next step.
- Enable the Client Org Dashboard Code Mode toggle. This gives client org admins control to enable Code Mode at the client org level. (Note that this does not enable Code Mode at client level; admins will need to turn it on for the specific client org.)
- Click on Save.
- Tip: Note that enabling the Code Mode configuration alone does not allow users to edit code; they will also need the Code Mode role function enabled to grant them access to the code editor.
Code Mode role functions
Enable the Code Mode role function for trusted users.
This should only be available to trusted developers and coders as it allows users to add any executable code, including potentially malicious code.
- Navigate to Administration > Admin Console.
- Expand Roles and select the user role for which to update this functionality.
- At the functions page, expand the Dashboard tab and enable the Code Editor functionality.
- Then click Save to ensure that this setting is saved.
- All users assigned this role will then be able to use Code Mode on dashboards and in Present. However, active users will first need to log out of the system and then back in again for this to take effect.
Read only Code Mode
If the Code Mode configuration is turned off, code editors will still be able to see the dashboard or presentation code, but not edit it. A warning message will let them know that the editor is in read only mode.