Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Component Level Security


Published on

A closer look at SwiftKnowledge Component Level Security

  • Be the first to comment

  • Be the first to like this

Component Level Security

  1. 1. TECHNICAL NOTE SwiftKnowledge Component-Level Security™ A Unique Approach to True Security Granularity
  2. 2. TECHNICAL NOTE SwiftKnowledge Component-Level Security Executive Summary In today’s business climate where data proliferation is the norm, companies readily acknowledge the need to unlock their data’s hidden intelligence in order to outperform their competition. And successfully leveraging this data requires a comprehensive data management plan that features, among other things, data mining and business intelligence. Yet many IT organizations resist such initiatives because they harbor security concerns about exposing sensitive company data to these types of mining and analysis applications; this issue escalates when external as well as internal audiences require access to the data. They raise valid questions, such as: “Who should have access?” “Can I host all of my customer data in one database yet maintain differential security “Which data are users allowed to access?” access?” To address these concerns, SwiftKnowledge advocates securing data down to the individual cell—rather than just to the folder structure or report level. This tech note explains SwiftKnowledge’s cell-based granular security approach—an approach powered by our patented, Component-Level Security™ (CLS)—and the benefits it provides organizations with regards to flexibility and performance. This tech note also discusses how SwiftKnowledge addresses typical security issues surrounding the concept of multi-tenancy (multiple customer data stored within the same database and/or within the same application entry point), and sup- ports an organization’s overall needs relating to data security, object security and functionality security. 2
  3. 3. TECHNICAL NOTE SwiftKnowledge Component-Level Security SwiftKnowledge Component-Level Security— A Unique Approach to Data Security SwiftKnowledge’s patented CLS delivers targeted content, features and functionality according to centrally- defined user profiles and roles, and secures data granularly down to the individual cell, for maximum control that’s easy to maintain. The technology also maintains content access audit trails for regulatory compliance and supports multi-tenancy deployments for commercial BI SaaS applications. SwiftKnowledge CLS supports the needs of many large organizations that have complex, constantly changing, hierarchical reporting structures. For instance, a subordinate individual today may be promoted and then managing several individuals tomorrow. A sales manager wants detailed visibility on the performance of his team but also needs summarized performance information about the performance of his peers (while not seeing the details of that peer performance). SwiftKnowledge supports complex and evolving business organizations such as the one described above, allowing individuals who may not be security experts to set up secure access to their information assets. SwiftKnowledge security also is additive, meaning a user’s effective list of menu, data and functionality rights is determined by the rights of every group to which they belong. This feature is important because administrators can manage all access at a group level, rather than individually by user (this feature is illustrated later in this document, in the second to last image). The following sections describe the three main areas controlled by SwiftKnowledge CLS: menu (object) security, rights (functionality) security and data security. Menu Security The SwiftKnowledge menu is a primary means of navigating to content. Within the menu are folders and subfolders, and links to BI content, documents, and internal or external web site content. Generically speaking, these components all are viewed as “objects” from a security perspective and are managed by the SwiftKnowledge security in the same way. The following image shows the permissions dialog for a folder named “Site Management,” within which are several site management console options used by a SwiftKnowledge administrator to assign very granular access permissions. Currently, the security is set such that only members of the groups “Group Admin” and “Site Admin” can view any content existing in the “Site Management” folder. 3
  4. 4. TECHNICAL NOTE SwiftKnowledge Component-Level Security From here, one can add additional groups or users, and choose to assign access only at the current folder or to all sub-folders as well. An administrator also can assign access privileges to individual items within folders, so two users in the same group may experience varying degrees of overlap in the content they see and access in the same folder. While these components are visible and accessible to users of these groups, users cannot necessarily access all the possible features and functionality rights with a given object. This topic is discussed in more detail in the next section. 4
  5. 5. TECHNICAL NOTE SwiftKnowledge Component-Level Security Rights Security SwiftKnowledge’s web interface provides an extensive list of user rights equating to which functionality users are permitted to utilize when interacting with SwiftKnowledge reports. Rights can be assigned at a user or group level; the image to the left shows a list of available rights assignable to a group. Administrative rights (shown below) only can be assigned at a user level. As with menu security, a user’s effective rights are a sum of rights from the groups to which a user belongs, in addition to those assigned at the user level. At this point, combining only menu security and rights security goes a long way toward securing content in SwiftKnowledge, but true granular security at the data level—security that scales across the organization and beyond to customers or partners—results when menu and rights security is combined with data security. While securing data down to the cell level may not be required by all organizations, using SwiftKnowledge’s trio of menu-, rights- and data-level security provides a complete and robust security model unmatched by any other BI vendor in the industry. 5
  6. 6. TECHNICAL NOTE SwiftKnowledge Component-Level Security Data Security The final and most important piece of SwiftKnowledge CLS is security at the data level. Organizations can confidently secure data access down to the cell level when publishing reports, giving them unmatched security and greater efficiencies as well. A single report can be deployed to a group of users, with each individual user seeing only the data to which they have permissions to access (see below). Similarly, a single report showing product sales by territory may display different data based upon the report consumer. View for User A View for User B Note: Additionally, lower-level drilling is available for User A (depicted by the “+” icon next to the product categories) because that user right has been extended to User A, but not for User B. In the preceding example, two different product managers from a manufacturing company each are analyzing product sales by territory. Each user is viewing the same report, but the data populating the report and charts is tied to each user’s respective geography (User A – United Sates; and User B – France). This aspect of CLS eliminates the need to create different reports from different users and provides a consistent view of relevant data to users. In a multi-tenant approach, organizations striving to maximize their hardware investments and host all customer data in a single database can confidently do so with SwiftKnowledge, knowing CLS provides each customer with access only to their own data, while preventing access to any other data. The next series of diagrams illustrate CLS’ administrative interfaces, which are used to easily and effectively set data cell security. 6
  7. 7. TECHNICAL NOTE SwiftKnowledge Component-Level Security Group 1 Group 2 Group 1 can access Clothing (but not its subproducts) & United States; group 2 can access Bikes (and its subproducts) & France This report view is for a user who belongs to both group 1 and group 2— note the additive effect of the group security in overlaying data access 7
  8. 8. TECHNICAL NOTE SwiftKnowledge Component-Level Security Conclusion Information managers, DBAs, data stewards and even CIOs all are being driven toward better leverag- ing their sensitive data to maximize efficiencies, increase profit, contain costs, etc. – the list goes on. By definition, the diversity of these and other data applications require participation from virtually all areas of any organization, and perhaps even beyond it. Consequently, data security usually tops the list of the many concerns surrounding extending data access to broad and diverse groups. SwiftKnowledge CLS was created to be extensible and easy to configure. While CLS management is easily accomplished through a user-friendly interface, it also can be automated for bulk user/group loading of large numbers of users. Additionally, native authentication is provided by SwiftKnowledge yet can be eas- ily configured to use Active Directory, LDAP or any third-party authentication service. SwiftKnowledge CLS provides unrivaled granularity of security and minimizes concerns that surround deploying web-based BI content to intranet and extranet audiences. In addition, multi-tenancy at the database is becoming increasingly popular, especially in SaaS environments, and presents a compelling use case for which CLS is particularly well-suited. Regardless of the deployment specifications, SwiftKnowledge CLS can be easily configured to meet any organization’s security requirements. 11010 Prairie Lakes Drive, Suite 155 SwiftKnowledge, LLC is a global software provider of powerful, patented business intelligence (BI) technology delivering a breakthrough experience for business users which Eden Prairie MN 55344 drives strategic metrics and enables better decision-making throughout an organization. The SwiftKnowledge BI platform enables a new era of easy-to-use BI applications offering Tel: 952.832.0166 a revolutionary, ad-hoc analysis experience in web time and with a zero-footprint web deployment; with its patented Interactive Data Streaming™ (IDS) and Component-Level Security™ (CLS), SwiftKnowledge provides unmatched performance, scalability and security. The company’s unique approach and support for cloud computing-based deployments Fax: 952.832.0269 and applications provides a robust yet sustainable solution for organizations integrating BI into operational applications; seeking an easy-to-use tool for heavy, ad-hoc BI workloads; Toll free: 866.283.3405 and operating within the limitations of constrained IT resources. For more information, visit Email: © 2010 SwiftKnowledge. SwiftKnowledge and the SwiftKnowledge logo are registered trademarks or trademarks of SwiftKnowledge, LLC in the USA and other countries. All other trade names are the property of their respective owner.