Security policy is a set of rules that determine methods and level of application system's security and regulatory access permissions for system objects. The security policy contains parameters that have global effect on the system security level. A security level for specific objects is determined by means of access control methods.
Setting up Foresight Analytics Platform security policy is used for the system administrator who maintains the system.
Security subsystem controls three vital system processes: registration of new users in the system, control of users' access to system objects and auditing users' access to system objects. The security subsystem also stores and controls the observance of security policy selected by the system administrator.
Information on access permissions is divided into:
User privileges. General actions that a user is allowed (or denied) to execute. For example, creating new users, changing security subject permissions, viewing access protocol, and so on.
Object permissions. Operations with system objects that a user is allowed (or denied) to execute. For example opening a report in the read mode, editing table data, and so on.
Permission and privilege owners are security subjects — users and groups of users.
Control over user actions in the system means checking if the user has a privilege necessary to execute these operations. Control of users accessing objects and executing various operations with them is executed by checking for the presence of permissions necessary to execute specific operations with objects.
Security model determines a set of tools, preventing unauthorized access to application systems and providing methods of separating subject's access to application system objects, subject authentication principles, principles of auditing their activities within the system, control of integrity of the software system and of the stored information. Foresight Analytics Platform security model objects include all repository objects: folders, tables, queries, views, dimensions, cubes, reports, forms, and so on. Access to objects is regulated with access control methods.
NOTE. The Navigator section in the web application enables the user to work with the following object types: dashboard, regular report, express report (OLAP), workbook, modeling container, modeling problem, time series, cubes, MDM repositories, table MDM dictionaries, ADOMD catalogs.
To set up security policy:
Select and set up access control methods.
Create user accounts.
Create groups of users.
Distribute privileges for security subjects.
Set up object access permissions.
Set up auditing of actions for security subjects.
NOTE. For repository based on SQLite it is available only to set up actions auditing of security subjects and to view access protocol.
On changing access control methods, object access permissions and simultaneous user work in the object navigator use update to keep security policy and system objects updated.
To update the security manager active section:
In the desktop application:
Select the Repository > Update main menu item.
Click the Update Security Settings button on the toolbar.
Press F5.
In the web application:
Click the Update button on the toolbar.
After executing the operations security settings and system objects will be updated.
See also:
Getting Started with Security Manager | Selecting Access Control Methods and Their Setup | Creating User Accounts and Working with Them