3. • Imagine you have a door with a
keypad lock like this
• Codes
• Shared by all
• Per employee
• Shared by department
• Implications when somebody
moves on
4. • Now imagine the other side of the
door has a keypad as well
• For anybody to get in, the
employee and somebody on the
other side need to punch in the
same code
• This parallels the first layer of
security within Bezlio…letting
users in the door
5. How This Ties To Bezlio
1. Generate a code within
Bezlio on the Data tab:
6. Server Setup
• Now for setting up the server side
• BRDB is the “person on the other side of the door” permitting
access
• Only needs to be installed once, but needs to know all of the
codes
• Note that it can be installed multiple times for:
• Multiple private networks (i.e. different doors)
• Redundancy
• Requirements
• .Net 4.6.1
• Chrome Browser
7.
8. Server Setup
• After installation, start the service called ‘Bezlio Remote Data
Broker’
• Now open up Chrome and navigate to http://localhost:3600
(unless you changed that during setup)
9.
10. Server Setup
• Now they are in the door
• Next let’s determine what they are allowed to do
• Many factors:
• Which plugins were installed?
• How are these plugins configured?
• What plugin instances is this code authorized for?
• Have you permitted direct plugin access?
• Are any dynamic filters being added on the data?
11. Which Plugins Were Installed?
• During installation, check the boxes of plugins you want for our
distributed plugins
• Re-run installer at any time to change installed
• Non distributed plugins and source for all is available at
https://github.com/bezlio/bezlio-plugins
• A plugin is installed when it’s DLL (and possibly config) are
placed into the folder C:Program Files (x86)Bezlio Remote
Data BrokerPlugins and the service is restarted
12. How Are These Plugins Configured
• Since plugins are an open architecture, each may have unique
needs when it comes to configuration
• See https://github.com/bezlio/bezlio-plugins for documentation
per plugin on these configuration details
• We will use SQL Server as an example here
13. SQL Server Plugin
• Edit C:Program Files (x86)Bezlio Remote Data
BrokerPluginsSQLServer.dll.config in text editor of choice
• Two elements are defined in this file:
• Directory locations where you intend to store your query files that are
permitted by connection ID
• Connection details for each of the databases you wish to expose
• Note we only support SQL Server Authentication at this point (no Active Directory
accounts)
• Format of this file is XML with embedded JSON strings to define
values
17. SQL Server Plugin
How this presents to the user (assuming direct plugin access described in a moment):
18. SQL Server Plugin - Takeaway
• Users can only run the queries you have predefined them being
able to run
• NO arbitrary SQL
• They can only run them against the databases you have
pointed to using the credentials you have specified
• Every SQL folder and connection is available for selection
within the wizards
19. What Plugin Instances Are Authorized?
• A plugin instance allows you to create a friendly name for a
plugin and pre-fill in all of the bits you don’t want users to have
to bother with
• Only the fields you leave blank will be prompted for
• These plugin instances can be locked down to specific
connection IDs
• Currently - do not use spaces or special characters in the
name. We suggest kabob-case:
• your-plugin-instance-name
20.
21. What Plugin Instances Are Authorized?
• You do not need to
restart BRDB, but it
may take a minute
before it is fully
synced up
25. Have You Configured Direct Plugin Access?
• By default direct plugin access is enabled
• This means users will see the plugins listed as resources and
need to “fill in all of the blanks”
• For example, when enabled all users on this BRDB server could
see all SQL folders and connections
• You could break up security with multiple BRDB servers serving
different user groups
28. Are Any Dynamic Data Filters In Place?
• Supported by any plugin that utilizes .SQL files
• Special “variables” can be used within .SQL to filter down data
• Act as a “find and replace” so can be used anywhere within
.SQL file
• Be mindful of quotes – if the data it replaces needs enclosed in single
quotes, variable does too
• Populated within parameters from Bezlio portal
32. Special Values
• bezl.env.currentUser: The e-mail address of the logged in
Bezlio user
• bezl.env.currentUserName: The first and last name of the
logged in Bezlio user.
• bezl.env.currentLat: The current latitude (via GPS) of the logged
in user.
• bezl.env.currentLng: The current longitude (via GPS) of the
logged in user.
33. Bonus Tip: Arbitrary SQL
• The SQL Plugin does not by default allow arbitrary SQL
• This was a security design concept
• If you prefer otherwise, just make a plugin instance with
variables: