20200713 - EAH Security Testing

To Report Developers

The Business Intelligence and Analytics (BIA) team has been requested to implement the following row based security within Employee Activity Hub (EAH) on top of our standard Activity Hub security.

  • If you are a UCPath transactor or have a UCPath inquiry role, your reports will automatically mirror the row level security that you have in UCPath on July 20, 2020.
  • If you are not a transactor or do not have a UCPath inquiry role, your reports – new or old - will not return data on July 20, 2020.
  • Regardless of your UCPath role your existing data integration will not be impacted on July 20, 2020.   Going forward you have the opportunity to leverage the row based security in your data integration.

BIA anticipates implementing this security into our QA environments for testing on July 13 and into our production environments on July 20. 

Please take the time from July 13 to July 17 to test your reports in Cognos DEV and Tableau QA with the new security changes.  You and your end customers will need to request access to the department you need to report against and/or view.  Cognos users: point your report at the package in Cognos DEV > Employee Activity Hub > EAH Analytics Packages UAT and select Hana QA when running your report.  Tableau users: connect your workbook to the EAH data source with -QA at the end. 

End consumers can request access to department data needed to perform their job by filling out the UCPath Reports Access Request form.  Report developers can request access to department data you need to perform your job by filling out the Employee Activity Hub Report Developer Access Request.


FAQ Page

/wiki/spaces/EAH/pages/41060161

To Data Integration Folks

The Business Intelligence and Analytics (BIA) team has been requested to implement the following row based security within Employee Activity Hub (EAH) on top of our standard Activity Hub security.

  • If you are a UCPath transactor or have a UCPath inquiry role, your reports will automatically mirror the row level security that you have in UCPath on July 20, 2020.
  • If you are not a transactor or do not have a UCPath inquiry role, your reports – new or old - will not return data on July 20, 2020.
  • Regardless of your UCPath role your existing data integration will not be impacted on July 20, 2020.   Going forward you have the opportunity to leverage the row based security in your data integration.

BIA anticipates implementing this security into our QA environments for testing on July 13 and into our production environments on July 20. 

Please take the time from July 14 to July 17 to test your data integration processes against Hana QA with the new security changes. 

If you are using Cognos or Tableau to preview the data included in your column group(s) then your new and current reports will be blank.  You will need to request access to department data you need to perform your job by filling out the Employee Activity Hub Report Developer Access Request.  BIA recommends that you request access to ITS only - access to all of UCSD is not necessary to test most data integration scenarios and is not guaranteed.  Please work with Continuity Planning (esr-continuity@ucsd.edu) to fill out the Employee Activity Hub Report Developer Access Request form in order to gain more than ITS access.

Cognos users: point your report at the package in Cognos DEV > Employee Activity Hub > EAH Analytics Packages UAT and select Hana QA when running your report. 

Tableau users: connect your workbook to the EAH data source with -QA at the end. 

FAQ Page

/wiki/spaces/EAH/pages/41060161

How will this impact the data integration processes? 

Scenario:  I use Cognos / Tableau to preview the data that will be in my data integration.  What will I see? 

If you are not a transactor or do not have a UCPath inquiry role, your reports – new or old - will not return data on July 20, 2020.  You will need to request access to the data via the forms (links) so that you can see the data in Cognos/Tableau.  We recommend that you request access to ITS only - access to all of UCSD is not necessary to test most UCPath scenarios.  Please work with Continuity Planning to fill out the form in order to gain more than ITS access.

Scenario:  I have a data integration that is currently working. 

The current column groups are machine to machine using Nifi and therefore will continue to point at non-secured views and therefore your data integration will continue to see all of the rows.  The assumptions is that your end application implements appropriate security.

Scenario:  Machine to machine using API. 

An API can use the generic AD account, but one of the parameters passed should be the AD account of the person physically using the application and this parameter will engage the security.  When the API pulls data there needs to be a WHERE clause to identify the person physically using the application in order to engage the EAH security.

If you would like to take advantage of the built in row level security from EAH please request a secured column group.

Scenario: Machine to machine using Nifi.

Nifi can use the generic account and target application is expected to set the appropriate security.  Example: Batch Jobs