securing sensitive information data security dashboards often contain the most important data in the...
TRANSCRIPT
Securing Sensitive Information
Data Security
• Dashboards often contain the most important data in the company
• Securing that information makes business sense
• In some instances, securing certain information is required by law or contract
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
Securing Server Access
• Put CenterView server behind firewall– Only allow access to http port– Only run CV in that app server
• Protect CV Admin– Run Admin on separate App Server– Firewall blocks access to Admin port– To manage CV, administrators would need to
be behind firewall, or to VPN in
• Apache instructions
Server Access cont….
• Run App server over SSL– Encrypts all data transfers with CenterView– Step by step instructions for installing a
certificate from a certificate authority can be found at the certificate authority’s website (Verisign or Thawte, eg.)
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
Lock down CV Server DB
• CenterView Server database– Use own secured database, or– Password protect the installed postgres db
• Modify the Pgsql/data/pg_hba.conf file (Change ‘trust’ authentication method to ‘md5’, eg.)
– Change the password for the corda user: ALTER ROLE corda WITH PASSWORD 'somenewpassword';
• Change the password in the Administrator for the DF Query Cache and the Snapshot DB (and CenterView Server Database, if enabled)
CenterView Admin Settings
• Deploy in Production Mode
• Set HTML Console to Off– Change Console Key to something else
• Disallow displaying of status page
• Remove example dashboards (Dashboards page)
Named Users
• Named Users always have access CenterView Resources
• Two options for set up– Allow automatic assignment of a named user
on first login• Great when there are lots of people
– Manually select the users• May be preferred when there are a few executives
Self-Service Login
• Can only be used with CenterView Authentication
• Users can register themselves into the system
• Users can modify their own account identity settings– Change password– Set/Change email address– Recover password
Authentication Plug-in Access
• Active Directory plug-in shipped with CenterView
• Same plug-in for LDAP – may need some customization to use company scheme
• Tailor authorization to local environment by using the Auth Plugin API– Single sign-on– Business Objects– Salesforce– Directory is kept in database
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
Dashboard Security
• Dashboard level access– Limit access to logged in users– Limit access to users in a specific group
• Pages and KPIs level access– Limit access to users in a specific group
Server Script User
• isLoggedIn()
• isUserInGroup(groupName)– Used in conjunction with ‘if’ tag, in the same
place show different kpis for each group
• isAuthorized(kpi1.kpixml)
• Demo
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
Datafunnel Alias Override
• Username and password set in the datafunnel tag override the username and password set in the alias.
• An Auth plug-in could set custom variables that are the username and password for the database for that user
• Use these custom variables in the datafunnel tag to override the alias.
Database Access
• Business Objects – Login with BO Auth Plug-in– BO Auth Plug-in can supply groups– User in CenterView uses BO credentials in
datafunnel queries to BO Universe• Build your own report or run an existing report with
user granularity
setup
Database Access Cont…
• Salesforce.com– Setting up embedded dashboards in
salesforce– Privileges of the saleforce user are used in
querying Salesforce data
Securing Sensitive Information
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security