Page History
...
Table of Contents | ||
---|---|---|
|
Overview
Styleclass | ||
---|---|---|
|
...
Security of your Public information is critical. When deploying Yellowfin an analysis of the security needs of your business should be undertaken. Yellowfin has a number of security features that you can use to ensure the security of your Public information. These can be applied is a mix of ways depending upon the level of security that you require. The security features available include:
This section describes the security framework available to you through Yellowfin. It has been set out so that the highest level security features are described first. For instance Access Roles are the highest and easiest to administer form of security whilst column level security is the most granular and by default the most complex to administer over a large user base deployment.
Roles & Functions
Styleclass | ||
---|---|---|
|
...
Yellowfin user management is designed around the concept of user roles. This means that multiple users share a commonly defined role for access to the application. Individual users do not have a unique security profile.
...
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
If a user’s role does not have access to the dashboard when they login they will be taken to the report list page. A user with dashboard will be taken in to the dashboard page.
|
...
Content Folders
Styleclass | ||
---|---|---|
|
...
All content is managed through a similar security and categorisation infrastructure which is managed through the Content Folders.
...
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Rather than having to specify who is allow allowed to see a specific reports report, each time you create a new report, the security for the report is inherited from the sub folder of the item that is created.
|
...
Data Source Access Management
Styleclass | ||
---|---|---|
|
...
When setting up a source system in Yellowfin you can define which users have the rights to create views against the source as well as write SQL queries against the source.
...
The general rule for source system security is that it is used for controlling Yellowfin report writers that wish to create views against the source. It is through this process that a user could write reports against the source system and thereby gain unauthorised access to data.
See Managing a Data SourcesSource for more information.
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
If the HR system is to be setup as the source system any user with View Definition access will be able to view all tables including payroll data if the source is unsecure. By securing the source to only HR view builders, only those authorised users will be able to define and manage the HR related views.
Note: If there is only 1 Yellowfin report writers writer of your Yellowfin deployment, and no additional users writing SQL reports, then you may consider leaving your source systems unsecure |
...
. |
View Access Management
Styleclass | ||
---|---|---|
|
...
The main form of security for users creating reports and having access to views which allow allows them to write any report is through the VIEW security.
...
When a report is written or edited a user must connect to the view record to determine what fields are available to them. At this stage, security check is made to determine if the view that is being accessed is secure, and if so, does the user have the authority to access it.
...
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
The Finance view is created. Only the finance department is permitted to write finance view reports. In this case the view would be defined as secure and the finance users would be added into the access list with edit access.
|
...
Column Access & Restrictions
Styleclass | ||
---|---|---|
|
...
In some cases a view might be created that is designed for general use but some columns within that view are highly sensitive. For example the salary column in the human resources view holds data that is not for general consumption.
...
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
...
Access / Value Based Filters
Styleclass | ||
---|---|---|
|
...
In some cases a view might be created that is designed for general use but you only wish report consumers to access data from the view that is relevant for their position in the organisation – such as cost centre manager. In this case you would create an Access or Value based filter.
...
When writing a report you would specify that the cost centre filter must be used as the access filter. In this case the cost centre that the report reader owns will be passed in as a filter on the query. Only users with access filters defined will be able to see the data in their reports.
See Restricting Data with Access Filters for more information.
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
...
horizontalrule |
---|
Styleclass | ||
---|---|---|
|
...
...