Access and Security

Activity Hub access and security is set by the Data Governance Committee and Data Stewards. 

Example:

FolderAD GroupWhat can members do?
Team A

TeamA_ProjectA_BI_Developers

TeamA_ProjectA_BI_Consumers

Publish reports into the Team A folder in Cognos & Tableau.

Run reports in Team A folder in Cognos & Tableau.

Cannot see or run reports in Team B folder or Team C folder.

Team B

TeamB_ProjectB_BI_Developers

TeamB_ProjectB_BI_Consumers

Publish reports into the Team B folder in Cognos.

Run reports in Team B folder in Cognos.

Cannot see or run reports in Team A folder or Team C folder.

Team C

TeamC_ProjectC_BI_Developers

TeamC_ProjectC_BI_Consumers

Publish reports into the Team C folder in Tableau.

Run reports in Team C folder in Tableau.

Cannot see or run reports in Team A folder or Team B folder.

Reports / Workbooks

Required: Reports live in Folders in both Cognos and Tableau.  Security is then applied at a BI tool folder level.

Team Folder

Required: The security applied to Cognos Folders and Tableau Projects rely on Active Directory (AD) groups.  Report developers work with their local Departmental Security Administrator (DSA) or local IT Support to create or use existing AD groups.  The report developer then sends the AD group name to the BIA team so that the BIA team can create the team folder and connect it to the team AD group.  The report developer can manage the participants of that AD group in order to manage who has access to the reports saved to that folder.  For the Employee Activity Hub (EAH), Financial Activity Hub (FINAH), Research Activity Hub (RAH) and Student Activity Hub (SAH), access to the report will grant access to the data within the report.

Row Level Security

Additional security can be requested in the form of row based security.  The Activity Hub can reference an access matrix that will contain a user login against the rows of data that users is assigned to see.  The most common example of this is userid to department.  Based on that matrix, the activity hub will only show data to users in that matrix and will only show that user the rows they are associated with.

Row level security is applied prior to Active Directory (AD) group security, therefore, AD group security cannot over-ride row level security.

Currently, only EAH is using row level security.

Activity Hub

At the Activity Hub level there is very limited access:  only Cognos, Tableau and column groups can directly connect to an Activity Hub. 

Report developers and report consumers use Cognos packages or Tableau data sources to access Activity Hub data. Report Consumers use reports/workbooks built by Report Developers to access Activity Hub data.

Data integration developers and integrated applications use column groups to access Activity Hub data.