Training Module:
Security
Learn how to configure security for all Instances, with granular control
to grant customized access rules and roles in your organization.
Table of ContentS
ODX Security
go to Table of Contents
ODX User Permissions
If you plan to provide user access to the ODX storage,
you may want to give them access to some of the data,
but maybe not all of it...
ODX allows customized, granular control of user access to the data in your ODX Storage. This can be a critical step for those working with sensitive data.
Imagine you are working as an IT Administrator, with colleague (data engineer) to integrate and analyze Human Resources (HR) data sources. There would likely be a few tables (e.g. “employee_salaries”) that shouldn’t be able to be accessed by this developer, though the rest of the data needs to be accessed by the data engineer, for their tasks.
In this case, the IT Admin could grant access to the data source in the Portal, but then to create a “Role” for the Data Engineer without access to the tables in question.
Custom User Permissions by Table, Schema, and Column (ODX)
MDW Security
go to Table of Contents
data area (MDW, DSA) Security
If you plan to provide user access to the Data Areas,
you may want to give them access to some of the data,
but maybe not all of it...
Object-Level Security (OLS) in Data Area
Similar to the ODX, the Data Area (MDW, DSA, etc.) object-level security allows you to provide granular control over User Permissions to data objects in the MDW storage by Selecting a group of users (Role) and giving them access to specific Tables, Views, Columns, or even Schemas.
In practice, it is common for IT teams and security administrators, to not provide User Access to the ODX Storage, but to provide access to the Data Areas. TimeXtender strives to provide you total control over your data, and so there is feature parity with the ODX’ Role-based security access pattern. For example, data engineers “likely” should not have access to employee health information, unless it is central to their work and responsibilities.
Row-Level Security (RLS) in Data Area
MDW row-level security give users the ability to dynamically give users’ access only to specific rows in a table based on rules that you define.
For example, Sales Managers in North America can only see Sales bonuses for Salespeople in the North America region. However, since there is Row-Level Security (RLS) functionality in the Semantic Models, which is more commonly how non-developers would access the data.
add or edit SQL Server logins (MDW)
Adding a database role (MDW)
object-level security (MDW)
Permissions for database roles can be set on objects for database to create object level security. TimeXtender uses the same allow/deny settings as SQL Server. Not set (gray dot), Grant (green with a white checkmark) and Deny (red with white bar)
Please see here for more information Object Level Security .
row-level security
assign row-level permissions (MDW)
apply row level permissions (MDW)
Please see here for more information on Row-level security.
Semantic Model Security
go to Table of Contents
Security in ssl
If you plan to provide user access to the Semantic Models,
you may want to give them access to some of the data,
but maybe not all of it...
Model-Level Security (OLS) in Semantic Models & Endpoints
Similar to MDW row-level security, Dynamic Security in the Semantic models enables you to give users access to specific data in the model based on rules that you define. Model-Level Security is configured by creating a role that is not associated to any row-level security setup, and then associating that role to an endpoint. This association will grant full access to the endpoint for all the members of that role.
Row-Level Security (RLS) in Semantic Endpoints and
A Row-Level Security (RLS) is created under a specific field and specifies which field values that the role will have access to, which also means that the role will not have access to data that is related to the field values that are not specified as part of the setup. In this way, roles and row-level security setups work together to provide a security layer to the semantic model based on the identity of the user that is accessing it.
For example, Sales Managers in North America can only see Sales bonuses for Salespeople in the North America region.
model-level security
add a role (SSL)
Map a role to an endpoint (SSL)
Please see Semantic Model-level and Row-level Security to learn more.
Section Quiz...
Planning to take the Solution Architect exam? Then you want to be sure these questions are easy to answer.
True or False:
In the Desktop application, granular control over ODX storage is supported, such as tables, schemas, and columns?
True or False:
Row-Level Security (RLS) can be configured in both MDW and SSL Instances?
The ODX supports granular, custom, User Permissions for the data in the ODX Storage?
When you're ready, see Answers Below
Section Quiz Answers
Planning to take the Solution Architect exam? Then you want to be sure these questions are easy to answer.
True or False:
In the Desktop application, granular control over ODX storage is supported, such as tables, schemas, and columns?
True, the ODX does allow for more granular customization in data access, within the Desktop application.
True or False:
Row-Level Security (RLS) can be configured in both MDW and SSL Instances?
True, both Data Areas and Semantic Models can be configured with RLS.
The ODX supports granular, custom, User Permissions for the data in the ODX Storage, right?
Yes, it does. The ODX supports granular and customized User access to Tables, Schemas, and Columns on data sources.
want to Learn even more?
Learn even more data loading techniques from TimeXtender Tuesdays
Congratulations! You've completed the training module
Security