AH Security FAQs
- 1 Q: Where can I learn more about Data Governance at UCSD?
- 2 Q: Can I connect directly to the Activity Hubs / Hana?
- 3 Q: How do I set up a Team Folder?
- 4 Q: How to find the AD Group on your folder?
- 5 Q: How to edit an AD Group?
- 6 Q: How to see AD Group membership?
- 7 Q: How do I make my report available to all UCSD employees?
- 8 Q: How do I make my report available to the entire world?
- 9 Q: Who can see my report?
- 10 Q: If I give my consumer access to my report can they also see the data?
- 11 Q: Who decides what consumers get access to Activity Hubs?
- 12 Q: Who decides what report developers get access to Activity Hubs?
Q: Where can I learn more about Data Governance at UCSD?
Data Governance = https://blink.ucsd.edu/technology/bi/governance/index.html
Data Guidelines = https://blink.ucsd.edu/technology/bi/data-guidelines.html
Q: Can I connect directly to the Activity Hubs / Hana?
No. Access to the Activity Hubs / Hana for analytical needs is available via Cognos or Tableau as a report developer. Access to the Activity Hubs / Hana for data integration needs is available via Column Groups for data integration developers.
Q: How do I set up a Team Folder?
This process assumes that you have report developer access to Cognos and Tableau.
Order | Action | Who | Note |
---|---|---|---|
1 | Creates Report | Report Developer who has been approved via Blink > Data Sources (https://blink.ucsd.edu/technology/bi/sources/index.html) | |
2 | Requests Folder | Report Developer via email busintel@ucsd.edu with suggested folder name | |
3 | Request new Active Directory (AD) Group or modifications to existing AD Group | Report Developer via email/ticket to their local Departmental Security Administrator (DSA) or local IT Support Team | BIA recommendation for AD Group naming convention |
4 | Create AD Group | DSA or local IT Support team | |
5 | Requests AD Group be added to Folder | Report Developer via email busintel@ucsd.edu; include the folder name and AD Group name(s) to connect. AD Group access can be one of three options: | Cognos Example: Please create a new folder called "EcoTime Reports" and allow AD group "EcoTime_BI_Developer" to publish reports to this folder in DEV. Please also allow "EcoTime_BI_Developer" and "EcoTime_BI_Consumer" to view these reports in QA and Prod. Tableau Example: Please create a new folder called "EcoTime Reports" and allow AD group "EcoTime_BI_Developer" to publish reports to this folder. Please also allow "EcoTime_BI_Consumer" to view these reports but NOT download summary data. |
6 | Adds AD Group to Folder | BIA per SNOW ticket from Report Developer | |
7 | Adds report to Folder | Report Developer | |
8 | Cognos: migrate to Cognos QA | Report Developer | 1st time set-up by BIA required |
9 | Cognos: Request migration to Cognos PROD | Report Developer via email busintel@ucsd.edu | |
Q: How to find the AD Group on your folder?
Different teams choose different processes to maintain their Active Directory (AD) security groups. Some teams maintain their AD group membership via manual processes; others use tools like ServiceNow to incorporate approval processes.
If the report is located on the Business Analytics Hub (BAH), use the 'Request Access' link found on the same page as the report.
If the report is not on BAH, identify the report owner or the folder where the report lives:
- Tableau: Report Developers can look up the permissions on a report or folder to identify the report owner and associated AD groups.
- Cognos: Email busintel@ucsd.edu to ask who the contact person is for the folder and/or report you are interested in.
Contact the report owner.
Q: How to edit an AD Group?
Different teams choose different processes to maintain their Active Directory (AD) security groups. Some teams maintain their AD group membership via manual processes; others use tools like ServiceNow to incorporate approval processes.
If your team manually maintains AD group membership, then email or create a ticket for your local Departmental Security Administrator (DSA) or local IT Support Team.
BIA does not have the ability to update AD groups.
Q: How to see AD Group membership?
Everyone at UCSD can view AD Group membership. See details on How to View Active Directory Group Membership.
Q: How do I make my report available to all UCSD employees?
In both BI tools there is a ‘Public’ option which is available to all employees found in the ‘Roles_Active_Employees’ Active Directory security group.
You can save your report into the existing ‘Public’ folder or you can create a team folder and apply the ‘Public’ security via the ‘Roles_Active_Employees’ Active Directory security group.
This does not include Affiliates (people not paid via UC Path) or Students.
Q: How do I make my report available to the entire world?
Cognos does not have this ability.
UCSD has a Tableau server dedicated to reports that should be available to the world. See details on Tableau UCSD Public.
Q: Who can see my report?
Only the people in the Active Directory (AD) security group assigned to your team folder can see your report. Only Report Developers who are members of the team can request that AD groups be assigned to or removed from the folder in the BI tool.
Tableau reports saved to your desktop or Cognos reports saved to your ‘My content’ area can only be seen by you.
Q: If I give my consumer access to my report can they also see the data?
Yes, unless there is row level security applied.
Report developers are responsible for the data they share within their reports; therefore, if a report developer provides a consumer with access to a report, the consumer also gets access to the data. Row level security (i.e. Employee Activity Hub) is separate because the Employee data steward has requested that additional approval be required for access to the data per department.
Q: Who decides what consumers get access to Activity Hubs?
At the report level, report developers decide which Active Directory (AD) security groups have access to reports (grouped into folders).
At the row level and Activity Hub level, data stewards decide the requirements for access to the data they steward.
Q: Who decides what report developers get access to Activity Hubs?
Data stewards decide the requirements for access to the data they steward.