Data Security

This applies to: Managed Dashboards, Managed Reports

Row-Level Security

User-based filtering of data or row-level security is supported using attributes that describe each logged-in user and can be used to filter the data they see. You can create your own custom attributes and assign values to user accounts or groups of users to use for filtering against a particular column, for example returning only data where the Region is North America for the appropriate users.

• Set up a security hierarchy based on custom attributes to completely hide non-applicable values from users, including in filters, while allowing for the option to use data cube storage options.

• You can also configure a transform in a data cube to filter the data according to an attribute such as account name or a custom attribute.

• Some data sources may already have row-level security set up. If you use impersonated Windows credentials or roles impersonation when creating the data connector, or if each user creates their own data connector with their own credentials, each user will see data according to the existing rules.

• Different data can be provided for different tenants using dedicated multi-tenancy features.

Column-Level Security

In version 26 and higher, you can set up column security privileges on each output element of a data cube. For the users and groups of users denied access, values will completely or partially masked or removed according to the specified settings.

Table-level and column-level security is also possible by preparing data connectors or data cubes to provide only the tables, columns, or cubes that should be accessible. Select data structures to include under a data connector, or columns to include in a data cube's select transform or process result. When connecting to an OLAP database, cube perspectives define a subset of measures and dimensions to be provided when using them. File security privileges can be used to provide read access to only the appropriate files for each user. DundasScript used for example in a data cube's calculated element can check the current session and the user's attributes or custom attributes to determine which values should be displayed depending on the user.

Metric sets have options to make use of measures for formulas or states, for example, but hide their values completely from users visualizing the result or exporting the data. If users should be able to visualize but not export data, you can also prevent export of metric sets or only certain measures or hierarchies.