Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business.

Similar presentations


Presentation on theme: "Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business."— Presentation transcript:

1

2 Securing Sensitive Information

3 Data Security Dashboards often contain the most important data in the company Securing that information makes business sense In some instances, securing certain information is required by law or contract

4 Overview Securing External Access to CenterView Server Server-wide CenterView Settings Dashboard Settings Data Security

5 Overview Securing External Access to CenterView Server Server-wide CenterView Settings Dashboard Settings Data Security

6 Securing Server Access Put CenterView server behind firewall –Only allow access to http port –Only run CV in that app server Protect CV Admin –Run Admin on separate App ServerRun Admin on separate App Server –Firewall blocks access to Admin port –To manage CV, administrators would need to be behind firewall, or to VPN in Apache instructions

7 Server Access cont…. Run App server over SSL –Encrypts all data transfers with CenterView –Step by step instructions for installing a certificate from a certificate authority can be found at the certificate authority’s website (Verisign or Thawte, eg.)

8 Overview Securing External Access to CenterView Server Server-wide CenterView Settings Dashboard Settings Data Security

9 Lock down CV Server DB CenterView Server database –Use own secured database, or –Password protect the installed postgres db Modify the Pgsql/data/pg_hba.conf file (Change ‘trust’ authentication method to ‘md5’, eg.)pg_hba.conf file –Change the password for the corda user: ALTER ROLE corda WITH PASSWORD 'somenewpassword'; ALTER ROLE Change the password in the Administrator for the DF Query Cache and the Snapshot DB (and CenterView Server Database, if enabled)

10 CenterView Admin Settings Deploy in Production Mode Set HTML Console to Off –Change Console Key to something else Disallow displaying of status page Remove example dashboards (Dashboards page)

11 Named Users Named Users always have access CenterView Resources Two options for set up –Allow automatic assignment of a named user on first login Great when there are lots of people –Manually select the users May be preferred when there are a few executives

12 Self-Service Login Can only be used with CenterView Authentication Users can register themselves into the system Users can modify their own account identity settings –Change password –Set/Change email address –Recover password

13 Authentication Plug-in Access Active Directory plug-in shipped with CenterView Same plug-in for LDAP – may need some customization to use company scheme Tailor authorization to local environment by using the Auth Plugin API –Single sign-on –Business Objects –Salesforce –Directory is kept in database

14 Overview Securing External Access to CenterView Server Server-wide CenterView Settings Dashboard Settings Data Security

15 Dashboard Security Dashboard level access –Limit access to logged in users –Limit access to users in a specific group Pages and KPIs level access –Limit access to users in a specific group

16 Server Script User isLoggedIn() isUserInGroup(groupName) –Used in conjunction with ‘if’ tag, in the same place show different kpis for each group isAuthorized(kpi1.kpixml) Demo

17 Overview Securing External Access to CenterView Server Server-wide CenterView Settings Dashboard Settings Data Security

18 Datafunnel Alias Override Username and password set in the datafunnel tag override the username and password set in the alias. An Auth plug-in could set custom variables that are the username and password for the database for that user Use these custom variables in the datafunnel tag to override the alias.

19 Database Access Business Objects –Login with BO Auth Plug-in –BO Auth Plug-in can supply groups –User in CenterView uses BO credentials in datafunnel queries to BO Universe Build your own report or run an existing report with user granularity setup

20 Database Access Cont… Salesforce.com –Setting up embedded dashboards in salesforceSetting up embedded dashboards in salesforce –Privileges of the saleforce user are used in querying Salesforce data querying Salesforce data

21 Securing Sensitive Information Securing External Access to CenterView Server Server-wide CenterView Settings Dashboard Settings Data Security

22


Download ppt "Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business."

Similar presentations


Ads by Google