Yellowfin provides a security plan to ensure that code in Code Mode is edited by trusted users. Administrators must first turn on Code Mode via specific configurations, and then provide the correct role function to trusted users to allow them to edit code. Note that both of these settings are disabled by default, and must be enabled for Code Mode.
Note: these settings provide control to users who want to edit or add code via Code Mode. Any functionality added via this feature can be ‘consumed’ by users of the dashboard, regardless of their code editing role function.
Below are step-by-step instructions for each.
Code Mode configurations need to be enabled to edit dashboard code, and run dashboards that were edited in Code Mode. Dashboards that were edited in Code Mode will not run any custom HTML and JavaScript content (a placeholder appears in place of custom coded content), or apply any CSS styling if the Code Mode configuration is disabled for that instance of Yellowfin.
Follow the steps below to enable the Code Mode configurations.
Enable the Code Mode role function for trusted users.
This should only be available to trusted developers and coders as it allows users to add any executable code, including potentially malicious code. |
If the Code Mode configuration is turned off, code editors will still be able to see the dashboard or presentation code, but now edit it. A warning message will let them know that the editor is in read only mode.