Overview
Security of your Public information is critical. When deploying Yellowfin, an analysis of the security needs of your business should be undertaken. Yellowfin has a number of security features that you can use to ensure the security of your Public information. These can be applied in a mix of ways depending upon the level of security that you require. The security features available include:
This section describes the security framework available to you through Yellowfin. It has been set out so that the highest-level security features are described first. For instance, Access Roles are the highest-level and easiest to administer form of security, whilst column-level security is the most granular and by default the most complex to administer over a large user base deployment.
Roles & Functions
Yellowfin user management is designed around the concept of user roles. This means that multiple users share a commonly defined role for access to the application. Individual users do not have a unique security profile.
A role is a collection of available security functions. Each user will have a role associated with them. As the Yellowfin report writers you can either:
- Change a person’s role – and thus the type of access they have to the application or
- Change a role definition by adding or removing functions and thereby updating all users’ access to the system that share that role.
When a user is logged in, the system checks that they are still registered in the application and, if so, what role they should have. Based on the role access, the user's interface will be dynamically built, only showing them links and functions that their role has access to.
See Roles for more information.
Content Folders
All content is managed through a similar security and categorisation infrastructure which is managed through the Content Folders.
The security of your reports is managed at the folder and sub folder level, not at the individual item level. The purpose of this is to simplify the creation of reports in the system.
See Content Folders for more information.
Data Source Access Management
When setting up a source system in Yellowfin you can define which users have the rights to create views against the source as well as write SQL queries against the source.
The general rule for source system security is that it is used for controlling Yellowfin report writers that wish to create views against the source. It is through this process that a user could write reports against the source system and thereby gain unauthorised access to data.
See Managing a Data Source for more information.
View Access Management
The main form of security for users who create reports, and who have access to views that allow them to write any report, is view security.
When a report is written or edited, a user must connect to the view record to determine what fields are available to them. At this stage, a security check is made to determine whether the view being accessed is secure and, if so, whether the user has the authority to access it.
The security on your view is the most rigorous in terms of managing access to the data that is stored in it. Not only can you control edit access but you can also control which users are permitted to read reports created from the specified view.
See View Security Settings for more information.
Column Access & Restrictions
In some cases a view might be created that is designed for general use but some columns within that view are highly sensitive. For example the salary column in the human resources view holds data that is not for general consumption.
In this case you have two options.
- Create a copy of the view and exclude the salary column from this instance. Save the view with a new name to indicate that the view is free of sensitive data.
- Alternatively Yellowfin provides you with the opportunity to define the columns as restricted columns. Once this has been done an additional layer of security needs to be defined, which allows certain users access to the restricted columns of the selected view.
Note: security to restricted columns is globally defined. You cannot specify different users for separate restricted columns within the view.
Only users with restricted access will be able to see the item when creating reports. When an active report is run, restricted columns will be displayed to all users who have access to the report.
See Field Settings for more information.
Access / Value Based Filters
In some cases a view might be created that is designed for general use but you only wish report consumers to access data from the view that is relevant for their position in the organisation – such as cost centre manager. In this case you would create an Access or Value based filter.
This is achieved by updating the source connection wizard to specify the available filters – such as cost centre and your users’ relationship to that source. You then specify the columns on the view that relate to that source filter – e.g. you must indicate which column in the view is the cost centre column.
When writing a report you would specify that the cost centre filter must be used as the access filter. In this case the cost centre that the report reader owns will be passed in as a filter on the query. Only users with access filters defined will be able to see the data in their reports.
See Restricting Data with Access Filters for more information.
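The access filter behaviour described above can be modelled with a plain SQL join. This is an added conceptual example, not Yellowfin's own code or schema: the tables `expense_view` and `access_filter`, the user names and all data are constructed for illustration. It shows the reader's cost centres being passed in as a mandatory filter, and that a user with no access filter defined gets no rows rather than the unfiltered view.

```python
import sqlite3

def build_db():
    """Constructed sample data: a shared view plus a user-to-cost-centre mapping."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE expense_view (cost_centre TEXT, item TEXT, amount REAL);
        CREATE TABLE access_filter (user_id TEXT, cost_centre TEXT);
        INSERT INTO expense_view VALUES
            ('CC100', 'Travel', 1200.0), ('CC100', 'Software', 300.0),
            ('CC200', 'Travel', 950.0),  ('CC300', 'Hardware', 4100.0),
            ('CC400', 'Travel', 80.0);
        INSERT INTO access_filter VALUES
            ('alice', 'CC100'), ('bob', 'CC200'), ('bob', 'CC300');
    """)
    return db

def run_report(db, user_id):
    """Run the report with the reader's cost centres applied as a mandatory filter.

    The inner join means a user with no access_filter rows gets an empty
    result instead of the whole view (fail closed). The user id is bound as
    a parameter, never concatenated into the SQL text.
    """
    return db.execute(
        """SELECT v.cost_centre, v.item, v.amount
           FROM expense_view AS v
           JOIN access_filter AS f ON f.cost_centre = v.cost_centre
           WHERE f.user_id = ?
           ORDER BY v.cost_centre, v.item""",
        (user_id,),
    ).fetchall()

def unmapped_cost_centres(db):
    """Audit check: cost centres present in the view that no user is mapped to."""
    rows = db.execute(
        """SELECT DISTINCT v.cost_centre
           FROM expense_view AS v
           LEFT JOIN access_filter AS f ON f.cost_centre = v.cost_centre
           WHERE f.user_id IS NULL
           ORDER BY v.cost_centre"""
    ).fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    for user in ("alice", "bob", "carol"):
        print(user, run_report(db, user))
    print("unmapped:", unmapped_cost_centres(db))
```

The audit query is useful after changing the filter mapping: any cost centre it returns is data that no report reader can currently see through this filter.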