Overview
This section describes the security framework available to you through Yellowfin. It has been set out so that the highest level security features are described first. For instance Access Roles are the highest and easiest to administer form of security whilst column level security is the most granular and by default the most complex to administer over a large user base deployment.
Roles & Functions
A role is a collection of available security functions. Each user will have a role associated with them. As the Yellowfin report writers you can either:
- Change a person’s role – and thus the type of access they have to the application or
- Change a role definition by adding or removing functions and thereby updating all users’ access to the system that share that role.
When a user is logged in the system checks that they are still registered in the application and if so what role they should have. Based on the role access the users interface will be dynamically built – only showing them links and functions that their role has access to.
See Roles for more information.
Content Folders
The security of your reports is managed at the folder and sub folder level, not at the individual item level. The purpose of this is to simplify the creation of reports in the system.
See Content Folders for more information.
Data Source Access Management
The general rule for source system security is that it is used for controlling Yellowfin report writers that wish to create views against the source. It is through this process that a user could write reports against the source system and thereby gain unauthorised access to data.
See Managing a Data Source for more information.
View Access Management
When a report is written or edited a user must connect to the view record to determine what fields are available to them. At this stage, security check is made to determine if the view that is being accessed is secure, and if so, does the user have the authority to access it.
The security on your view is the most rigorous in terms of managing access to the data that is stored in it. Not only can you control edit access but you can also control which users are permitted to read reports created from the specified view.
See View Options for more information.
Column Access & Restrictions
In this case you have two options.
- Create a copy of the view and exclude the salary column from this instance. Save the view with a new name to indicate that the view is free of sensitive data.
- Alternatively Yellowfin provides you with the opportunity to define the columns as restricted columns. Once this has been done an additional layer of security needs to be defined, which allows certain users access to the restricted columns of the selected view.
Note: security to restricted columns is globally defined. You cannot specify different users for separate restricted columns within the view.
Only users with restricted access will be able to see the item when creating reports. When an active report is run, restricted columns will be displayed to all users who have access to the report.
See Field Settings for more information.
Access / Value Based Filters
This is achieved by updating the source connection wizard to specify the available filters – such as cost centre and your users’ relationship to that source. You then specify the specific columns on the view that related to that source filter – e.g. you must indicate which column in the view is the cost centre column.
When writing a report you would specify that the cost centre filter must be used as the access filter. In this case the cost centre that the report reader owns will be passed in as a filter on the query. Only users with access filters defined will be able to see the data in their reports.
See Restricting Data with Access Filters for more information.