Access and Security
- Saparnell
Activity Hub access and security is set by the Data Governance Committee and Data Stewards.
Reports are saved into folders in Cognos/Tableau. Each folder is then connected to one or more Active Directory (AD) group.
Report development teams or business units then maintain the AD group membership.
Example:
Folder | AD Group | What can members do? |
|---|---|---|
Team A | TeamA_ProjectA_BI_Developers TeamA_ProjectA_BI_Consumers | Publish reports into the Team A folder in Cognos & Tableau. Run reports in Team A folder in Cognos & Tableau. Cannot see or run reports in Team B folder or Team C folder. |
Team B | TeamB_ProjectB_BI_Developers TeamB_ProjectB_BI_Consumers | Publish reports into the Team B folder in Cognos. Run reports in Team B folder in Cognos. Cannot see or run reports in Team A folder or Team C folder. |
Team C | TeamC_ProjectC_BI_Developers TeamC_ProjectC_BI_Consumers | Publish reports into the Team C folder in Tableau. Run reports in Team C folder in Tableau. Cannot see or run reports in Team A folder or Team B folder. |
Reports / Workbooks
Required: Reports live in Folders in both Cognos and Tableau. Security is then applied at a BI tool folder level.
Team Folder
Required: The security applied to Cognos Folders and Tableau Projects rely on Active Directory (AD) groups. Report developers work with their local Departmental Security Administrator (DSA) or local IT Support to create or use existing AD groups. The report developer then sends the AD group name to the BIA team so that the BIA team can create the team folder and connect it to the team AD group. The report developer can manage the participants of that AD group in order to manage who has access to the reports saved to that folder. For the Employee Activity Hub (EAH), Financial Activity Hub (FINAH), Research Activity Hub (RAH) and Student Activity Hub (SAH), access to the report will grant access to the data within the report.
Row Level Security
Additional security can be requested in the form of row based security. The Activity Hub can reference an access matrix that will contain a user login against the rows of data that users is assigned to see. The most common example of this is userid to department. Based on that matrix, the activity hub will only show data to users in that matrix and will only show that user the rows they are associated with.
Row level security is applied prior to Active Directory (AD) group security, therefore, AD group security cannot over-ride row level security.
Currently, only EAH is using row level security.
Activity Hub
At the Activity Hub level there is very limited access: only Cognos, Tableau and column groups can directly connect to an Activity Hub.
Report developers and report consumers use Cognos packages or Tableau data sources to access Activity Hub data. Report Consumers use reports/workbooks built by Report Developers to access Activity Hub data.
Data integration developers and integrated applications use column groups to access Activity Hub data.