09 necto architecture_ready
DESCRIPTION
TRANSCRIPT
![Page 1: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/1.jpg)
Necto TrainingModule 9: Necto Architecture and Security
![Page 2: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/2.jpg)
Agenda
Necto ArchitectureNecto Security
![Page 3: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/3.jpg)
Server Architecture
![Page 4: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/4.jpg)
Prerequisites
Windows 2008
Necto Software
Necto Server
Customer DataData Warehouse
Analysis Server
IIS
Client
Necto Server
![Page 5: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/5.jpg)
BI Services
Windows 2008
Necto Software
Necto Server
Customer DataData Warehouse
Analysis Server
BI Server
NovaView.aspx
IIS
Necto Server
Client
BI CalculationsBI Display
![Page 6: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/6.jpg)
Administrative Services
Windows 2008
Necto Software
Necto Server
Customer DataData Warehouse
Analysis Server
BI Server
Admin ServerSocial
NovaView.aspx
Admin Web Services
IIS
Necto Server
Client
Administration of:• Workboard trees• Social• Users and roles• Etc.
![Page 7: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/7.jpg)
Necto Server Data Calculation and Storage
Windows 2008
SQL Express
Necto Software
Necto Server
Necto DB
Necto Calculations Server/s
SQL Server
BI Server
Admin ServerSocial
NovaView.aspx
Admin web services
IIS
Necto Server
Client
Both BI and Admin servers use this work area
Can use SQL express installed with Necto
or
Recommended: separate SQL servers
![Page 8: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/8.jpg)
Universal Data Connector (UDC)
SQL
Windows 2008
Necto Software
Necto Server
Customer dataData WarehouseUDC
LB
Analysis Server
Analysis Services instance
UDC
BI Server
Admin ServerSocial
NovaView.aspx
Admin Web Services
IIS
Necto Server
Client
Data Sources
Provides connection to additional data sources
Performs load balancing of UDC requests
Creates and updates cubes
![Page 9: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/9.jpg)
Necto Architecture Summary
SQL
Windows 2008
SQL Express
Necto Software
Necto Server
Customer DataData WarehouseUDC
LB
Necto DB
Necto Calculations Server/s
Analysis Server
Analysis Services instance
SQL Server
UDC
BI Server
Admin ServerSocial
NovaView.aspx
Admin Web Services
IIS
Necto Server
Client
Data Sources
![Page 10: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/10.jpg)
Security
![Page 11: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/11.jpg)
Security Overview Content Security
Data (OLAP ) Security
Roles
• Which portions of the data will be available
• Defined in terms of Dimensions and Members
Users
• Which workboards will be available
• Can be implemented by user name or by the role the user belongs to
![Page 12: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/12.jpg)
Content Security
OLAP Security
Roles
Users
Data (OLAP ) Security
![Page 13: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/13.jpg)
Data (OLAP) Security
Users are added to roles in a SSAS cubeRoles specify which objects and members will be available to usersUsers must be part of an Active Directory domain and imported into Necto Dashboard
OLAP Domain Users
Roles
User
Groups
UserUser
![Page 14: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/14.jpg)
Users and Roles
Roles
NectoOLAP Domain Users
Roles
User
Groups
UserUser
Domain Users
Import
Groups
Roles can be added manually
When an active directory user logs into Necto – a user is created in Necto
Server Users
From Necto Server
Necto Users
Manually defined
![Page 15: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/15.jpg)
Data (OLAP) Security
Users are added to roles in a SSAS cubeRoles specify which objects and members will be available to usersUsers must be part of an Active Directory domain and imported into NovaView DashboardNecto and Server users can be mapped to domain users
For example: a guest user
Roles
Necto
Server Users
Domain Users
Necto Users
Groups
![Page 16: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/16.jpg)
Role vs. User Based Security
Users
Content Security
Data (OLAP ) Security
RolesBoth security methods can be implemented per role or per user.What should I use?
![Page 17: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/17.jpg)
Analysis Server
Role vs. User Based Security
Connection to data source is defined by:Server, database, cube, security (Role or User)
Role-based security enables reuse of connection
Better efficiency of Necto and AS
Necto Server
![Page 18: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/18.jpg)
Content Security
Data (OLAP ) Security
Roles
Users
Content Security
![Page 19: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/19.jpg)
Content Security
Public WorkboardsAccess rights (permissions) are assigned by administrator per role
Private foldersPer userUser can share with users or roles
Shared folders of other users
Best Practice:• Public folders – view-only for most
users• Users should create new
workboards in their private folder
![Page 20: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/20.jpg)
Content Permissions Levels
Name Weight Description
Admin 5All administrative rights, including giving rights to others
Deny 4The user will see that the workboard existsbut will not be able to view it
Write 3User will be allowed to change and edit the workboard
Read 2 View only
Hidden 1
The user will not see that the Workboard existsTherefore will not be able to access it
None 0No permission has been assigned. Permissions will be inherited from parent folder
![Page 21: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/21.jpg)
Role A = Permission Admin
User James Part of Role A
Permission = Inherit Admin
Admin 5
Deny 4
Write 3
Read 2
Hidden 1
None 0
Role A
![Page 22: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/22.jpg)
Role A = Permission Admin
Breaking InheritanceIf Same Role Take Last, Unless Admin
Permission – Inherit Admin
Role A = Permission Hidden
Role A = Permission Read
Permission – Inherit Hidden
Role A = Permission Hidden
Role A = Permission Read
Permission – Inherit Deny
Role A = Permission Deny
Same Role, Take Last, Unless Admin
Same Role, Take Last
Same Role, Take Last
Admin 5
Deny 4
Write 3
Read 2
Hidden 1
None 0
![Page 23: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/23.jpg)
Role A = Permission Admin
Combining Hierarchies – User James is Member of Role A & B
Permission – Inherit Admin
Role B = Permission Hidden
Role A = Permission Read
Permission – Inherit Read
Role B = Permission Hidden
Role A = Permission Read
Permission – Inherit Deny
Role B = Permission Deny
MAX(Admin, Hidden)
MAX(Read, Hidden)
MAX(Read, Deny)
Admin 5
Deny 4
Write 3
Read 2
Hidden 1
None 0
Role ARole B
![Page 24: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/24.jpg)
Role A = Permission Hidden
Breaking & Combining HierarchiesFirst Break Then Combine
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role A = Permission Admin
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role B = Permission Admin
Role B = Permission Admin
Role B = Permission Read
Role B = Permission Hidden
Role B = Permission Deny
Role C = Permission Read
Role C = Permission Hidden
Role B = Permission Read
Admin 5
Deny 4
Write 3
Read 2
Hidden 1
None 0
![Page 25: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/25.jpg)
Remove
Remove any role that James is not a part of
![Page 26: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/26.jpg)
Role A = Permission Hidden
Removing Role C“James is a Member of Role A & B”
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role A = Permission Admin
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role B = Permission Admin
Role B = Permission Admin
Role B = Permission Read
Role B = Permission Hidden
Role B = Permission Deny
Role C = Permission Read
Role C = Permission Hidden
Role B = Permission Read
Admin 5
Deny 4
Write 3
Read 2
Hidden 1
None 0
![Page 27: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/27.jpg)
Break Hierarchy
In each role use Thumb Rule 1: Break Hierarchy
“Use last folder permission unless Root = Admin”
![Page 28: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/28.jpg)
Role A = Permission Hidden
Breaking Hierarchies“Use last folder permission unless Root = Admin”
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role A = Permission Admin
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role B = Permission Admin
Role B = Permission Admin
Role B = Permission Read
Role B = Permission Hidden
Role B = Permission Deny
Role B = Permission Read
Role A = Permission Deny
Role B = Permission Admin
Admin 5
Deny 4
Write 3
Read 2
Hidden 1
None 0
![Page 29: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/29.jpg)
Combine
The highest permission is selected
![Page 30: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/30.jpg)
Role A = Permission Hidden
Combining Hierarchies”The highest permission is selected”
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role A = Permission Admin
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role B = Permission Admin
Role B = Permission Admin
Role B = Permission Read
Role B = Permission Hidden
Role B = Permission Deny
Role B = Permission Read
Role A = Permission Deny
Role B = Permission Admin
Admin 5
Deny 4
Write 3
Read 2
Hidden 1
None 0
![Page 31: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/31.jpg)
Role A = Permission Hidden
Breaking & Combining HierarchiesFirst Break, Then Combine
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role A = Permission Admin
Role A = Permission Read
Role A = Permission Hidden
Role A = Permission Deny
Role B = Permission Admin
Role B = Permission Admin
Role B = Permission Read
Role B = Permission Hidden
Role B = Permission Deny
Role B = Permission Read
Permission – Inherit Admin
Admin 5
Deny 4
Write 3
Read 2
Hidden 1
None 0
![Page 32: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/32.jpg)
Summary
In this lesson you have learned about:
Necto ArchitectureNecto Security
![Page 33: 09 necto architecture_ready](https://reader034.vdocuments.net/reader034/viewer/2022051514/54846353b4af9fb90f8b45dc/html5/thumbnails/33.jpg)
Thank youAny Questions?