A Unique Approach to
True Security Granularity
In today’s business climate where data proliferation is the norm, companies readily acknowledge the
need to unlock their data’s hidden intelligence in order to outperform their competition. And successfully
leveraging this data requires a comprehensive data management plan that features, among other things,
data mining and business intelligence.
Yet many IT organizations resist such initiatives because they harbor security concerns about exposing
sensitive company data to these types of mining and analysis applications; this issue escalates when
external as well as internal audiences require access to the data. They raise valid questions, such as:
“Who should have access?” “Can I host all of my customer data in one
database yet maintain differential security
“Which data are users allowed to access?”
To address these concerns, SwiftKnowledge advocates securing data down to the individual cell—rather
than just to the folder structure or report level. This tech note explains SwiftKnowledge’s cell-based granular
security approach—an approach powered by our patented, Component-Level Security™ (CLS)—and the
benefits it provides organizations with regards to flexibility and performance. This tech note also discusses
how SwiftKnowledge addresses typical security issues surrounding the concept of multi-tenancy (multiple
customer data stored within the same database and/or within the same application entry point), and sup-
ports an organization’s overall needs relating to data security, object security and functionality security.
SwiftKnowledge Component-Level Security—
A Unique Approach to Data Security
SwiftKnowledge’s patented CLS delivers targeted content, features and functionality according to centrally-
defined user profiles and roles, and secures data granularly down to the individual cell, for maximum
control that’s easy to maintain. The technology also maintains content access audit trails for regulatory
compliance and supports multi-tenancy deployments for commercial BI SaaS applications.
SwiftKnowledge CLS supports the needs of many large organizations that have complex, constantly
changing, hierarchical reporting structures. For instance, a subordinate individual today may be promoted
and then managing several individuals tomorrow. A sales manager wants detailed visibility on the performance
of his team but also needs summarized performance information about the performance of his peers
(while not seeing the details of that peer performance).
SwiftKnowledge supports complex and evolving business organizations such as the one described above,
allowing individuals who may not be security experts to set up secure access to their information assets.
SwiftKnowledge security also is additive, meaning a user’s effective list of menu, data and functionality
rights is determined by the rights of every group to which they belong. This feature is important because
administrators can manage all access at a group level, rather than individually by user (this feature is
illustrated later in this document, in the second to last image).
The following sections describe the three main areas controlled by SwiftKnowledge CLS: menu (object)
security, rights (functionality) security and data security.
The SwiftKnowledge menu is a primary means of navigating to content. Within the menu are folders and
subfolders, and links to BI content, documents, and internal or external web site content. Generically
speaking, these components all are viewed as “objects” from a security perspective and are managed by
the SwiftKnowledge security in the same way.
The following image shows the permissions dialog for a folder named “Site Management,” within which
are several site management console options used by a SwiftKnowledge administrator to assign very
granular access permissions. Currently, the security is set such that only members of the groups “Group
Admin” and “Site Admin” can view any content existing in the “Site Management” folder.
From here, one can add additional groups or users, and choose to assign access only at the current
folder or to all sub-folders as well. An administrator also can assign access privileges to individual items
within folders, so two users in the same group may experience varying degrees of overlap in the content
they see and access in the same folder. While these components are visible and accessible to users of
these groups, users cannot necessarily access all the possible features and functionality rights with a
given object. This topic is discussed in more detail in the next section.
SwiftKnowledge’s web interface
provides an extensive list of user
rights equating to which functionality
users are permitted to utilize when
interacting with SwiftKnowledge
reports. Rights can be assigned at
a user or group level; the image
to the left shows a list of available
rights assignable to a group.
Administrative rights (shown
below) only can be assigned at a
user level. As with menu security,
a user’s effective rights are a sum
of rights from the groups to which
a user belongs, in addition to
those assigned at the user level.
At this point, combining only menu security and rights security goes
a long way toward securing content in SwiftKnowledge, but true
granular security at the data level—security that scales across the
organization and beyond to customers or partners—results when
menu and rights security is combined with data security.
While securing data down to the cell level may not be required by all organizations,
using SwiftKnowledge’s trio of menu-, rights- and data-level security provides a complete
and robust security model unmatched by any other BI vendor in the industry.
The final and most important piece of SwiftKnowledge CLS is security at the data level. Organizations
can confidently secure data access down to the cell level when publishing reports, giving them unmatched
security and greater efficiencies as well. A single report can be deployed to a group of users, with each
individual user seeing only the data to which they have permissions to access (see below). Similarly, a single
report showing product sales by territory may display different data based upon the report consumer.
View for User A View for User B
Note: Additionally, lower-level drilling is available for User A (depicted by the “+” icon next to the product
categories) because that user right has been extended to User A, but not for User B.
In the preceding example, two different product managers from a manufacturing company each are
analyzing product sales by territory. Each user is viewing the same report, but the data populating the
report and charts is tied to each user’s respective geography (User A – United Sates; and User B – France).
This aspect of CLS eliminates the need to create different reports from different users and provides a
consistent view of relevant data to users.
In a multi-tenant approach, organizations striving to maximize their hardware investments and host all
customer data in a single database can confidently do so with SwiftKnowledge, knowing CLS provides
each customer with access only to their own data, while preventing access to any other data. The next
series of diagrams illustrate CLS’ administrative interfaces, which are used to easily and effectively set
data cell security.
Group 1 Group 2
Group 1 can access Clothing (but not its subproducts) & United States; group 2 can access Bikes
(and its subproducts) & France
This report view is for a user who belongs to both group 1 and group 2—
note the additive effect of the group security in overlaying data access