Data Virtualization Demoette… CIS Rights

Slides:



Advertisements
Similar presentations
Welcome to the CardSaver VoIP Billing & Call Management Demonstration © 2004, Parwan Electronics Corporation.
Advertisements

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface.
CIM6400 CTNW (04/05) 1 CIM6400 CTNW Lesson 6 – More on Windows 2000.
Course ILT Internet/intranet support Unit objectives Use the Internet Information Services snap-in to manage IIS, Web sites, virtual directories, and WebDAV.
Security Planning and Administrative Delegation Lesson 6.
Managing Groups, Folders, Files and Security Local Domain local Global Universal Objects Folders Permissions Inheritance Access Control List NTFS Permissions.
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Chapter 9: SHARING FILE SYSTEM RESOURCES1 CHAPTER OVERVIEW  Create and manage file system shares and work with share permissions.  Use NTFS file system.
1 Chapter Overview Creating Drive and Folder Shares Using Distributed File System Installing Network Printers Administering Network Printers Managing Share.
Navigating SQL Server Lesson 3. Skills Matrix Graphical User Interface (GUI) Management Tools SQL Server Management Studio SQL Server Configuration Manager.
1 Part-1 Chap 5 Configuring Accounts Definitions.
Security Planning and Administrative Delegation Lesson 6.
Master Data Management & Microsoft Master Data Services Presented By: Jeff Prom Data Architect MCTS - Business Intelligence (2008), Admin (2008), Developer.
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 Administering User Accounts and Groups 1.
NetTech Solutions Security and Security Permissions Lesson Nine.
Configuring Print Services Lesson 7. Print Sharing Print device sharing is another one of the most basic applications for which local area networks were.
Configuring the User and Computer Environment Using Group Policy Lesson 8.
Guide to Operating Systems, 5th Edition
Data Virtualization Demoette… ODBC Clients
Data Virtualization Tutorial… SSL with CIS Web Data Sources
Data Virtualization Tutorial: Custom Functions
Data Virtualization Demoette… Logging in CIS
Welcome to the CardSaver VoIP Billing & Call Management Demonstration
Data Virtualization Demoette… Packaged Query Single Select Option
Data Virtualization Demoette… Business Directory Custom Properties
Data Virtualization Demoette… Caching – Database – Multi Table
Unit 7 Learning Objectives
Essentials of UrbanCode Deploy v6.1 QQ147
Business Directory REST API
Data Virtualization Tutorial: Introduction to SQL Script
Data Virtualization Demoette… Custom Java Procedures
Data Virtualization Demoette… Flat-File Data Sources
Information Security Professionals
Data Virtualization Demoette… ADO.NET Client
Data Virtualization Community Edition
Data Virtualization Demoette… JMeter Load Testing CIS SOAP
Data Virtualization Tutorial… LDAP Domains in CIS
Cisco Data Virtualization
Data Virtualization Community Edition
Data Virtualization Tutorial… CORS and CIS
Data Virtualization Demoette… Data Lineage Reporting
Basics and Navigation Module 2.
Data Virtualization Tutorial… OAuth Example using Google Sheets
Data Virtualization Tutorial: XSLT and Streaming Transformations
Data Virtualization Demoette… JDBC Clients
Securing the Network Perimeter with ISA 2004
Data Virtualization Tutorial… Semijoin Optimization
Data Virtualization Demoette… Column-Based Security
Data Virtualization Demoette… Parameterized Queries
Data Virtualization Demoette… Salesforce.com Data Source
Data Virtualization Demoette… DDL Feature
Data Virtualization Tutorial: JSON_TABLE Queries
Bomgar Remote support software
Data Virtualization Community Edition
02 | Developing ASP.NET MVC 4 Models
Utilize Group Policy Terminal Server Settings
Unit 9 NT1330 Client-Server Networking II Date: 8/9/2016
Course: Module: Lesson # & Name Instructional Material 1 of 32 Lesson Delivery Mode: Lesson Duration: Document Name: 1. Professional Diploma in ERP Systems.
Chapter 9: Managing Groups, Folders, Files, and Object Security
Presentation transcript:

Data Virtualization Demoette… CIS Rights Hello, and welcome to the Demoette series for Cisco Information Server, or CIS. In this Demoette, we discuss Rights in CIS.

Agenda What are they and why do they matter? A basic demo Summary Here is our agenda. We begin by defining CIS Rights and outlining their importance for our customers. Next we walk through a very basic demo of CIS Rights. Finally, we summarize the contents of this demoette.

Agenda What are they and why do they matter? A basic demo Summary Let’s begin by discussing what CIS Rights are and why they are important for our customers.

What are they? CIS Rights System-wide capabilities, including: Tools, such as Studio Administration, such as config, status, and users Access to resources, such as Views and Procedures Rights may be assigned to: Groups Users CIS Rights are system-wide capabilities that may be granted to Groups and Users using CIS Manager. Rights are system-wide capabilities that fall into three broad categories. First, they grant access to Tools, such as CIS Studio and command-line programs. Second, they grant access to Administrative capabilities, such as viewing or modifying CIS system configuration, server status, and system users. Third, they grant system-wide access to CIS resources, such as Views, Procedures, and other artifacts.

Why do they matter? CIS Rights During development: Prevent unauthorized users from accessing developer tools and resources Enable developers to access needed resources During ongoing operation: Enable System Administrators to limit access to operational controls CIS Rights are important for CIS developers, system administrators, and IT managers. At development time, Rights prevent unauthorized users from accessing developer tools and resources, while ensuring that authorized developers may access and modify resources needed during development. During ongoing operations, Rights enable System Administrators to limit access to important operational controls, such as system configuration parameters. This, in turn, gives IT managers assurance that CIS provides appropriate levels of security, along with the flexibility needed for the data needs of a large, complex enterprise.

Rights and Privileges: what’s the difference? Managed by… Granted to… Scope… Rights CIS System Administrators CIS Groups and Users System-Wide Privileges CIS System Administrators CIS Groups and Users Specific CIS Resources CIS implements both Rights and Privileges. They are often discussed together, but it is important to understand the difference between the two. <CLICK> Rights and Privileges are similar in that they are both typically managed by CIS System Administrators. <CLICK> They are also similar in that they are both capabilities that are granted to CIS Groups and Users. <CLICK> However, Rights are system-wide capabilities, while Privileges are capabilities that are granted at the Resource level.

Agenda What are they and why do they matter? A basic demo Summary Next, let’s walk through a very basic demo of CIS Rights.

Demo: Here is the business problem… Here is the business problem we illustrate in this demoette.

Demo: Here is the business problem… CIS Configuration and User Management Administrators Group CIS Tools CIS Developed Resources We have a System Administrators group that has full power to configure CIS, use its tools, and access CIS resources.

Demo: Here is the business problem… CIS Configuration and User Management Administrators Group CIS Tools Developers Group CIS Developed Resources However, we want to limit the capabilities of other user groups. We want Developers to be able to use tools and access resources, but we don’t want them to configure the system or manage users.

Demo: Here is the business problem… CIS Configuration and User Management Administrators Group CIS Tools Developers Group CIS Developed Resources We also have a group of Analysts who do limited development in CIS. We want them to be able to access tools, like Studio, for their work. However, we don’t want them to be able to access all CIS resources system-wide, and we don’t want them to do any system configuration or user management. Analyst Group

Demo: Here is the business problem… CIS Configuration and User Management Administrators Group CIS Tools Developers Group Data Consumers CIS Developed Resources Keep in mind that a typical CIS installation will also have one or more groups of end users, or Data Consumers. These users usually have NO CIS rights of any kind. Even though they have no rights, these users are given appropriate Privileges so that they can access specific published resources via JDBC, ODBC, ADO.NET, and Web Services interfaces. Analyst Group

Demo: before you begin… Import Groups and Users needed for this demoette. In this demo, we use three different CIS Groups that have different Rights settings. To prepare for the demo, use the CIS Package Import command-line utility to import the Groups and Users you will need. We cannot use the GUI-based Import capability because it does not provide fine-grained control over import of Groups and Users. In the additional resources that accompany this demoette, you will find the CAR file, along with instructions and a sample command-line that you can paste into a Command Window. Also note that the command-line export and import utilities require at least one CIS resource to be included. Because of this, you will find a folder called dummyResource installed in the shared portion of the CIS namespace after you run the import.

Demo: compare Rights across the three groups We begin the demo by showing that we have created three groups with different sets of system-wide CIS Rights. Open CIS Manager in a browser, and navigate to the Group Management screen under the Users tab. Click on each Group name to show its Rights. <CLICK> Our Developers Group may access CIS tools, such as Studio, and may read and modify all CIS resources. Members of this group may also read CIS status information, which means they can use CIS Manager to see sessions, transactions, requests, caches, data sources, clusters, and so on. However, Developers cannot modify Status information, which means they cannot perform actions such as clearing query plans and caches; terminating sessions, requests, and transactions; stopping and restarting the server, and so on. Note also that Developers may not unlock resources, and have no access to CIS configuration information or User information. <CLICK> Our Analysts Group is similar to the Developers Group, but Analysts have no system-wide access to CIS resources. This means that we will have to grant Privileges on specific CIS resources before these users can work with the Resources in Studio. <CLICK> Finally, our Consumers Group has no rights at all, and will not even be able to log in to Studio. They will be able to access published resources when appropriate Privileges are granted. Note that this group is functionally identical to the default “all” Group. We create the Consumers Group for this demo, though, in order to highlight the fact that we can create fine-grained control over Rights for Groups and Users.

Demo: show the Users within each Group Now navigate to the User Management screen on the Users tab. <CLICK> Show that we have created three users for this demo. <CLICK> Click the plus sign in the Groups column to show how we have assigned each user to a different group. <CLICK> For convenience, we have noted in the Annotation column that the password for each user is ‘password.’

Demo: show the Rights for Developers Log in to Studio as the Developer user. <CLICK> Note that developers can see all resources in the Shared area of the namespace, because they have full rights on Resources. <CLICK> However, the Administration menu shows that Full Server Backup and Configuration capabilities are greyed-out, because members of our Developers Group do not have Configuration rights.

Demo: show the Rights for Analysts Now log in to Studio as the Analyst user. Note that analysts can only see the Examples folder in the Shared area of the namespace. The examples are visible because they are part of the base CIS install. If we want to allow Analysts to work with specific resources, we will grant appropriate Privileges on those resources, but we do not let Analysts have system-wide Rights to all resources. Sometimes, you might log in as an Analyst and see the other folders in the Shared area greyed-out. If you refresh the Namespace from the File menu, these greyed-out entries will disappear.

Demo: show the Rights for Consumers Finally, log in to Studio as the Consumer user. Note that CIS recognizes the logon and password as a valid CIS user, but enforces the fact that this user does not have the right to use Studio.

Agenda What are they and why do they matter? A basic demo Summary Let’s summarize what we have seen in this presentation.

Summary System-wide capabilities, including: Tools, such as Studio Administration, such as config, status, and users Access to resources, such as Views and Procedures Benefits Prevent unauthorized users from accessing developer tools and resources Enable developers to access needed resources Enable System Administrators to limit access to operational controls CIS Rights are system-wide capabilities that may be granted to Groups and Users using CIS Manager. Rights are system-wide capabilities that fall into three broad categories. First, they grant access to Tools, such as CIS Studio and command-line programs. Second, they grant access to Administrative capabilities, such as viewing or modifying CIS system configuration, server status, and system users. Third, they grant system-wide access to CIS resources, such as Views, Procedures, and other system artifacts. CIS Rights are important for CIS developers, system administrators, and IT managers. At development time, Rights prevent unauthorized users from accessing developer tools and resources, while ensuring that authorized developers may access and modify resources needed during development. During ongoing operations, Rights enable System Administrators to limit access to important operational controls, such as system configuration parameters. This, in turn, gives IT managers assurance that CIS provides appropriate levels of security, along with the flexibility needed for the data needs of a large, complex enterprise. Thank you.

TOMORROW starts here.