ADVIZOR Help
1.0.0
1.0.0
  • Introduction
  • Overview
    • ADVIZOR Help
    • ADVIZOR Overview
      • Analyst
      • Analyst/X
      • Data Blender
      • Desktop Navigator
      • Server AE
      • Managed Hosting
  • Using ADVIZOR
    • File Ribbon
      • Open an Existing ADVIZOR Project
      • Restore a Backup Project Version
      • Save a Project
      • Template Library
      • Update Expired Credentials
    • Analyze Ribbon
      • Select and Exclude Data
      • Flight Recorder
      • Set Coloring
        • Use Color Scale
        • Use Color By
        • Color Legend
      • Navigation Pane
    • Author Ribbon
      • Charts, Pages, and Dashboards
        • Composing Pages with Charts
        • Page Gallery
      • Load Data
        • Load New Data Using the Data Wizard
        • Load Text Data
        • Load Microsoft Excel Data
        • Load Microsoft Access Data
        • Load SQL Server Data
        • Load Oracle Data
        • Load a Database via ODBC
        • Manage Data Sources
        • Replace an Existing Data Source
      • Design Pages
        • Create Navigation Pane Content
        • Rearrange Charts
        • Change Chart Fonts
      • Use Color Models
        • Manage Color Models
        • Assign Color Models to Pages
        • Color Workshop
        • Identify How Color Is Applied to Data
        • Uncolorable Tables
      • Configure Charts
        • Property Explorer
        • Link Unmatched Rows
        • Show Missing Values
        • Use Polygon Map Format
        • Use FocusFormat Property
      • Condition Data
        • Project Workshop
        • Use the Expression Builder
        • Use the Link Wizard
        • Delete a Link
        • Date Formatter
        • Configure Data Hierarchies
      • Explore Data Usage
      • Identify Issues with Legacy Projects
      • Data Pool Visualization
    • Model Ribbon
      • Predictive Analytics: Analyst/X
      • Analytics Process
        • Bin a Categorical Field
        • Date Fields
        • Zip Codes
      • Predictive Modeling Pane
      • Configuring a Model
      • Managing Models
    • Share Ribbon
      • Share Results
      • Export Tables
      • Deployment and ADVIZOR Server
        • ADVIZOR Server Dashboards
        • Publishing to ADVIZOR Server
        • Server Security
        • Credential Based Filters
        • Embedding Data in a Project
  • Charts and Visual Discovery
    • Charts Overview
      • Bar Chart
        • Inserting a Bar Chart
        • Bar Chart Toolbar
      • Counts
        • Inserting a Counts
        • Counts Toolbar
      • Data Constellation
        • Inserting a Data Constellation
        • Data Constellation Toolbar
      • Data Sheet
        • Inserting a Data Sheet
        • Data Sheet Toolbar
      • Heat Map
        • Inserting a Heat Map
        • Heat Map Toolbar
      • Histogram
        • Inserting a Histogram
        • Histogram Toolbar
      • Line Chart
        • Inserting a Line Chart
        • Line Chart Toolbar
      • Map
        • Inserting a Map
        • Map Toolbar
      • Multiscape
        • Inserting a Multiscape
        • Multiscape Toolbar
      • Parabox
        • Inserting a Parabox
        • Parabox Toolbar
      • Pie Chart
        • Inserting a Pie Chart
        • Pie Chart Toolbar
      • Scatterplot
        • Inserting a Scatter Plot
        • Scatter Plot Toolbar
      • Summary Sheet
        • Inserting a Summary Sheet
        • Summary Sheet Toolbar
      • Text Box
        • Inserting a Text Box
        • Text Box Toolbar
      • Text Filter
        • Inserting a Text Filter
        • Text Filter Toolbar
      • Time Table
        • Inserting a Time Table
        • Time Table Toolbar
    • Recommended Chart Use
    • Visual Discovery
      • Using Colors
      • Selection
      • Managing Viewpoint
      • Missing Values
    • User Interfaces
      • Context Menu
      • Keyboard
  • Release Notes
    • What's New
      • Release 7.2
      • Release 7.1
      • Release 7.0
      • Release 6.8
      • Release 6.7
      • Release 6.6
      • Release 6.4
      • Release 6.3
      • Release 6.2
      • Release 6.2.2
      • Release 6.0
      • Release 5.9
      • Release 5.8.2
      • Release 5.7
      • Release 5.6.2
      • Release 5.6.1
      • Release 5.51
      • Release 5.5
      • Release 5.4.1
      • Release 5.4
      • Release 5.3
      • Release 5.22d
      • Release 5.2 SalesAdvizor
      • Release 5.1
      • Release 5.0.3
      • Release 5.0
    • If You Need Additional Help
    • Copyright
Powered by GitBook
On this page
  • Server Configuration
  • Specifying Security when Publishing
  • Important Note:
  1. Using ADVIZOR
  2. Share Ribbon
  3. Deployment and ADVIZOR Server

Credential Based Filters

PreviousServer SecurityNextEmbedding Data in a Project

Last updated 6 years ago

You can author dashboards that honor enterprise data security policies . This capability allows dashboard authors to author a single dashboard and publish it to a group of users who, when accessing that dashboard, will see only the data that they are authorized to see.

Access to the data within a project is controlled by a security strategy that must be defined and installed within the project directory area of the AE Server. A security strategy is a set of associations between users and data values, and whether those data values should be included or excluded from the display of data present to them when viewing a project. There may be one or more data strategies that are identified by name. When a project is published one of the configured data strategies may be selected to control access to the project data.

Data strategies are defined within files placed in the project directory of the AE Server. These files are named 'data security.config' and may be placed within project subdirectories or in the root project directory. A data security file placed within a subdirectory will be located and used for projects published to that subdirectory and a data security file located in the root project directory will be utilized for all other projects. This allows for security strategies based upon the directory that a project is published to with a default strategy located in the root directory. Note that all security strategies must have entries within the root project configuration file, if a strategy is defined within a subdirectory it may have an empty definition in the root. Without the definition in the root, the strategy will not be available for selection when publishing.

An empty data security file is installed in the project root directory and may be used as a starting point. The data security files are formatted XML files. An example of a set of security strategies might be:

This file defines two data strategies named 'Sales Regions' and 'Historical Quarters'. Within the 'Sales Region' strategy the user 'YourDomainName\fflintstone' will only see data that corresponding to rows having the values 'West' and 'East'. The user 'YourDomainName\wflintstone' will only see data values corresponding to rows having the values 'South' and 'West'. Any user that is not authenticated (the 'anonymous' User entry) will be excluded from seeing any data that corresponds to rows having a value of 'West'. The second security strategy is named 'Historical Quarters' and only specifies that the user 'YourDomainName\brubble' will see data values corresponding to rows having the values of 'Q1' and 'Q2'.

Specific notes about the fields within the data strategy:

The 'id' attribute of a Strategy must be unique among your strategies and should never be changed. This value is embedded within project files as they are published. If a strategy is further defined within a configuration file in a project subdirectory it must have the same identifier. The 'name' attribute of the strategy may be changed and is only used for display and selection of the available strategies when a project is published.

A User is specified with their full login domain and user name. The case of the entered values is ignored, but the formatting and spelling of the values must be exact. A user name of 'anonymous' may be used to match users that are not authenticated with the server.

Each user will have a ValueList that contains one or more Value elements that correspond to data values within a field in a project's data pool. These data values must be entered exactly as they exist within the data, case is observed to match values. This set of values will be included or excluded from the data within a project based on the filterType attribute setting of 'include' or 'exclude'. Any entry specified here that does not start with 'inc' will be considered to be an exclusion.

To exclude all data for a specific user create a ValueList with a filterType of 'include' without any Value elements.

If the 'anonymous' user entry is not present, access by non-authenticated users will be denied.

A single configuration file may contain multiple Strategy elements. A security Strategy may have multiple User elements, a ValueList may have multiple Value elements, but a User is only expected to have one ValueList.

Server Configuration

Before publishing dashboards to the server, you must make sure that the Server AE installation has been configured properly. This implementation relies upon Windows integrated security to identify users. You must modify the web.config file in the Server AE directory of your IIS installation to enable Windows integrated security to be utilized.

  1. Open up the IIS tree under Computer Management on your server. Browse to the ADV virtual directory and open up Properties. Under the Directory Security tab, make sure to check the box for “Windows integrated security”. This will set up IIS to pass Windows user credentials from the browser session to authenticate the users.

  2. Modify the web.config file in the Server AE installation directory. Under the <system.serviceModel> key, comment out the default anonymous bindings and select an appropriate security mode from the available choices that support Windows authentication.

  3. Copy the data security.config file that you created above to the Server AE Projects directory.

  4. The server is now configured for credential filtering.

Specifying Security when Publishing

When publishing a project to the server an additional dialog page is provided to configure data security for the project if there are data security strategies configured for the server. To enable data security, check the 'Enable Data Security' checkbox and provide values for the Table, Field, and Strategy names. The Table and Field values are used to identify the table and field within the data pool that must contain the values specified within a desired security strategy as explained above. The Strategy is the name of the desired security strategy that was created above. The Strategy names are collected from the data security configuration file that is installed in the root of the AE Server project directory.

Important Note:

When selecting a data field for security, insure that the selected field is not used in a text filter within the project. Only one text filter per data field is currently supported. A text filter accessible by the user would allow them to override the values specified by the security strategy. If it is desirable to have a text filter available to further exclude field items, a second field should be created with a copy operation for the field specified to the security strategy. This copied field should then never be used in a text filter.

based on user credentials