26 - Panorama Necto 14 data security - visualization & data discovery solution

Editor's Notes

• #2: 1
• #6: Necto Data Security has a hierarchy allowing the strongest security type to override the others Level 3 - Data Security is the Highest level of security and also the most granular area, anything set here overrides all else Level 2 - Applications is the 2nd level of security any thing set here over rides the Administration settings for Data Security but is irrelevant if Data Security is set Level 1 - Administration is the lowest (default) level of data security and is overridden by all other types, but is the starting point of your Data security.
• #9: Data Security Mode (Administration) – How data is filtered for users at Level 1 No Security –Necto users will not be restricted on the data that they see OLAP (Roles) – Active Directory users will have restrictions placed on their data viewing capabilities based on the roles that they are in on the OLAP cubes or the Users within the cubes OLAP (Users) – Active Directory users will have restrictions placed on their data viewing capabilities based on Dynamic security that is defined by the cube developers and administrators on the cube itself. Necto sends the Effective Username to the cube to identify the user uniquely and data is returned on this basis. This slows down Necto because a unique thread must be used for each user getting data but is very secure data wise. Necto – Windows users and Necto users will have restrictions placed on their data viewing capabilities based on definitions within Necto, You MUST define security restrictions in Level 3 Data Security if you use this option.
• #10: Data Security Mode (Applications) – How data is filtered for users at Level 2 For the most par the settings are the same as Level 1 but you can set a different security mode for each Application you setup within Necto Inherit – This is the default setting and means that the Application will take the security from the Application level 1 setting. No Security –Necto users will not be restricted on the data that they see OLAP (Roles) – Active Directory users will have restrictions placed on their data viewing capabilities based on the roles that they are in on the OLAP cubes or the Users within the cubes OLAP (Users) – Active Directory users will have restrictions placed on their data viewing capabilities based on Dynamic security that is defined by the cube developers and administrators on the cube itself. Necto sends the Effective Username to the cube to identify the user uniquely and data is returned on this basis. This slows down Necto because a unique thread must be used for each user getting data but is very secure data wise. Necto – Windows users and Necto users will have restrictions placed on their data viewing capabilities based on definitions within Necto, You MUST define security restrictions in Level 3 Data Security if you use this option.
• #11: Data Security Mode (Data Security) – How data is filtered for users at Level 3 Here you setup security roles, to these you can add specific users or User roles. Mode and Scope – for each security role you can set the security mode No Security –Necto users will not be restricted on the data that they see OLAP (Roles) – Active Directory users will have restrictions placed on their data viewing capabilities based on the roles that they are in on the OLAP cubes or the Users within the cubes OLAP (Users) – Active Directory users will have restrictions placed on their data viewing capabilities based on Dynamic security that is defined by the cube developers and administrators on the cube itself. Necto sends the Effective Username to the cube to identify the user uniquely and data is returned on this basis. This slows down Necto because a unique thread must be used for each user getting data but is very secure data wise. Necto – Windows users and Necto users will have restrictions placed on their data viewing capabilities based on definitions within Necto, You MUST define security restrictions in Level 3 Data Security if you use this option. Additionally you can set the scope of the security role Based on an OLAP model / cube or a Necto model Within this you may specify the level of granularity OLAP data source, Database, Model
• #12: Data Security Mode (Data Security) – How data is filtered for users at Level 3 Data access rights – Are split in to three sub-categories Web Service (Sub Level 3) – The highest level it will override all others Custom Restriction (Sub Level 2) – Mid level that overrides Dimension restriction Dimension Restriction (Sub Level 1) – Lowest level but the most commonly used
• #13: Data Security Mode (Data Security) – How data is filtered for users at Level 3 Dimension Restriction (Sub Level 1) – Lowest level but the most commonly used Choose the Dimension you want to place a restriction upon Choose members of the dimension to restrict Choose the restriction type Allow drill down Allow drill down, show ancestors Hide members No drill down, hide parent members No drill down, show parent members Choose where to apply the restriction Current model Current database Current server
• #14: Show MDX is very useful
• #15: Data Security Mode (Data Security) – How data is filtered for users at Level 3 Custom Restriction (Sub Level 2) – Advanced topic Use MDX to write Custom restrictions for security, this is a very advanced topic and should only be attempted by Admins or cube designers familiar with MDX and the SDK security model
• #16: Data Security Mode (Data Security) – How data is filtered for users at Level 3 Web Service Restriction (Sub Level 3) – Advanced topic This mode is intended for organizations using their own security mechanism and serves to connect to the external security settings. Enter the web service URL for the page Necto should call when the users try to access the defined data scope. Enter the parameters you want to pass to this page.
• #18: 17