February 17, 2009
Understanding Data Security in Ad Hoc Reporting
The issue of who gets access to data and information is an important and often delicate matter, especially with ad hoc reporting. Unauthorized access to sensitive information by unwanted parties can lead to a variety of obvious problems. It is therefore essential to equip a reporting and analysis solution with a powerful security model. The best ad hoc reporting security models are built on two key concepts: user authentication and user authorization. In turn, user authorization employs roles, permissions and rights to control what data or records users can see.
What is data security?
Within a reporting and analysis environment, data security is the ability to control who can access specific types of data and information. In a typical organization, for instance, sales reps have access to sales numbers, but only the sales manager and human resources may view the reps' salary and bonus information. To enforce this, the system administrator must use or build a filter that grants or restricts access for different personnel depending on their role.
The two main requirements for an effective security model are flexibility and, of course, data security. The model must both conform to strict security parameters and afford the company enough flexibility to support the special needs of the organization using the system.
Let's take a close look at how the issue of security is handled by good ad hoc reporting solutions.
Robust ad-hoc reporting security models
The security models in the more robust ad hoc reporting applications can work in three main ways:
1 - By taking advantage of the user and role/group infrastructure built into the Microsoft Windows operating system, including NT, IIS, Active Directory and LDAP domain security
2 - By integrating with any preexisting, custom security structure a company may have, although users and roles also have to be created in the ad hoc reporting solution. This, however, can be done automatically via APIs, so that the administrator has to maintain only one database.
3 - By defining roles and users in the solution's metadata database
In any of these cases, the security model is built around two key concepts: user authentication and user authorization.
Authentication: Who is the User?
Authentication is the process of identifying--or authenticating--the digital identity of the user logging in. Authentication in good ad hoc solutions relies on a data library. Each time a user attempts to log in to the ad hoc reporting solution, the solution makes a call to this library. Authentication can happen either through the operating system's security features or by building a custom authentication system.
Operating System Authentication. In this case, authentication takes place through services provided by Microsoft Windows Internet Information Services (IIS). Within the security model, this option is called Operating System Authentication.
Custom Authentication. Solutions should also allow the setup of a custom user authentication system, that is, a system using its own login page and user/password list. It ensures that the current user is allowed to log in, and it passes the user name on to a Logi Info application. Custom authentication systems communicate with the application through authentication tickets. These are pieces of encrypted data communicated between the server and the client for the purpose of verifying the client's identity.
Authorization: What Can the User See?
Once a user has been authenticated, authorization determines the scope of what he is allowed to see or what actions he can perform. To control authorization, Logi Ad Hoc uses a combination of roles, permissions and rights.
Rights are pre-packaged into permissions; roles are sets of permissions. Users are then assigned one or more roles.
Rights. Rights are the general capabilities that determine what a user or role may see. Technically, these are defined in the metadata database of the ad hoc reporting solution.
Permissions. Permissions are packages of rights, also defined in the metadata database. System administrators may use these or repackage rights as best fits the organization's needs.
Roles. Roles are sets of permissions which define the scope of the access to information.
The three security levels necessary in an ad hoc solution
There are three security levels in the better ad hoc reporting solutions:
1 - Record-level security determines what data may be seen, and is user/group based.
2 - Data-object or column-level security allows or disallows a role's access to certain tables or columns. This is role-based.
3 - Folder-level security allows or disallows a role's access to certain folders of shared reports. This is also role-based.
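The role, permission and right hierarchy and the three security levels described above can be modeled in a few lines. This is an added example, not code from the original post or from Logi Ad Hoc; the permission names, role names, per-user `regions` scoping and sample rows are constructed assumptions.

```python
# Added illustration: constructed roles, rights and rows; not Logi Ad Hoc's schema or API.
from dataclasses import dataclass

# Rights are packaged into permissions; roles are sets of permissions.
PERMISSIONS = {
    "view_sales": {"col:rep", "col:region", "col:amount", "folder:sales"},
    "view_compensation": {"col:salary", "col:bonus", "folder:hr"},
}
ROLES = {
    "sales_rep": {"view_sales"},
    "sales_manager": {"view_sales", "view_compensation"},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    regions: frozenset  # record-level scope, assigned per user/group

def rights_for(user):
    """Flatten the user's roles -> permissions -> rights; unknown names grant nothing."""
    return {right
            for role in user.roles
            for perm in ROLES.get(role, ())
            for right in PERMISSIONS.get(perm, ())}

def run_report(user, folder, columns, rows):
    """Apply folder-, column- and record-level checks, denying by default."""
    rights = rights_for(user)
    if f"folder:{folder}" not in rights:
        raise PermissionError(f"{user.name} may not open folder {folder!r}")
    # Column-level: silently drop requested columns the roles do not grant.
    allowed = [c for c in columns if f"col:{c}" in rights]
    # Record-level: filter rows server-side on the user's own scope.
    return [{c: row[c] for c in allowed}
            for row in rows if row["region"] in user.regions]

ROWS = [  # constructed sample data
    {"rep": "ana", "region": "east", "amount": 1200, "salary": 50000, "bonus": 4000},
    {"rep": "bo", "region": "west", "amount": 900, "salary": 48000, "bonus": 2500},
]
REP = User("ana", frozenset({"sales_rep"}), frozenset({"east"}))
MANAGER = User("kim", frozenset({"sales_manager"}), frozenset({"east", "west"}))

if __name__ == "__main__":
    print(run_report(REP, "sales", ["rep", "amount", "salary"], ROWS))
    print(run_report(MANAGER, "sales", ["rep", "amount", "salary"], ROWS))
```

The same report request returns a salary column and both regions for the manager, but only the rep's own region and no salary for the sales rep, because every check is resolved from the caller's roles rather than from the report definition.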
Benefits of a robust ad hoc reporting security model
The main benefits of the data and user security model described are as follows:
a) Flexible and secure authorization and authentication. These applications offer the ability to tie into other systems like databases, NT Security, Active Directory and LDAP; tie to preexisting custom security structures; or define security in the Ad Hoc metadata database.
b) Granular level security, or the ability to permit or bar access to reports at the folder, object/column and record level. Based on authorization, report elements can be shown, hidden or disabled; and records can be securely filtered based on rights, permissions and roles.
Posted by The Ad Hoc Reporting Boys at February 17, 2009 8:45 AM
