Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Virtualization Demoette… Column-Based Security

Published byKevin Ryan Modified over 6 years ago

Similar presentations

Presentation on theme: "Data Virtualization Demoette… Column-Based Security"— Presentation transcript:

1 Data Virtualization Demoette… Column-Based Security
Hello, and welcome to the Tutorial series for Cisco Information Server, or CIS. Tutorials are brief instructional videos that demonstrate specific features of CIS. In this Tutorial, we discuss CIS’s Column-Based Security feature.

2 Agenda What is it and why does it matter? A basic demo Summary
Here is our agenda. We begin by defining column-based security and outlining its importance for our customers. Next we walk through a very basic demo of column-based security. Finally, we summarize the contents of this demoette.

3 Agenda What is it and why does it matter? A basic demo Summary
Let’s begin by discussing what column-based security is, and why it’s important for our customers.

4 What is it? Column-based Security
Column-level data access restrictions for: Users Groups Applies to: Tables Views Column-based security is a CIS capability that enables developers to specify data access restrictions at the column level for CIS users and groups. Column-based restrictions may be applied to Tables and Views. If the restricted column is part of a table, an access attempt to the table will generate an access error. If the restricted column is part of a View, no access error is generated, but the restricted column and/or metadata will not be included in the data returned to the user.

5 Why does it matter? Column-based Security During development:
Enables flexible, granular restrictions to be applied to sensitive information Enhances reusability of CIS tables and views During ongoing operation: Enables System Administrators to control data access without additional developer intervention Column-based security is important for CIS developers, system administrators, and IT managers. At development time, it lets developers or administrators specify flexible and highly granular restrictions for sensitive data that may need to be restricted for certain users or groups. This enhances re-use of CIS views, because it permits a single view to be leveraged across many CIS users who may have different permission levels. During ongoing operations, column-based security lets system administrators control user and group access to sensitive data without any need for developer intervention. This, in turn, gives IT managers assurance that CIS provides appropriate levels of security, along with the flexibility needed for the data needs of a large, complex enterprise.

6 Agenda What is it and why does it matter? A basic demo Summary
Next, let’s walk through a very basic demo of column-based security.

7 Demo: Here is the business problem…
Administrators Group Eagle Users Group Complete View Restricted View (no phones) Here is the business problem that we illustrate in this demo. We have created a CIS Customer View based on a customer table from a physical data source. Users in the Administrators Group may access all the columns in the view. However, we also have a group called Eagle Users. We want members of this group to be able to see all columns in the View EXCEPT for two: the customer’s phone number and fax number. We don’t want our developers to have to create separate views for each user group, and we want to simplify administrative tasks as users come and go from these groups. Therefore, we want to add column restrictions based on group membership.

8 Demo: before you begin…
Be sure these privileges are removed for eagle users. In this demo, we’ll create a view that returns all columns for administrator users, but restricts the phone number columns for members of the Eagle Users group. You can create an Eagle Users group, and give it No rights. If you have run this demo before, make sure that the Customers table from the ds_orders datasource in the Examples folder has no permissions set for the Eagle Users group.

9 Demo: define a folder Begin by creating a new folder for the demo. Be sure to create this folder in the Shared portion of the CIS namespace. Remember, the My Home area of the namespace is only accessible to the owner and to users with administrative privileges, so if you try to create the demo in My Home, you will have trouble when you try to specify permissions for other groups. <CLICK> Specify Read and Select privileges for Eagle Users on the folder. Note that Privileges can be assigned to any CIS artifact.

10 Demo: create the view Create a new View in the folder…
<CLICK> …and drag in the Customers table from Shared/Examples/ds_orders. <CLICK> Use the Grid Panel to create a projection using all columns. Note that PhoneNumber and FaxNumber are the columns we are going to restrict for this demo.

11 Demo: set permissions at the View level
Open Privileges for the View in the Namespace, and choose Read and Select privileges for Eagle Users on the View. Also select “Apply recursively to dependencies,” which will cause the eagle user permissions to be added to the underlying Customers table.

12 Demo: restrict the phone number columns
Select the PhoneNumber column from the Customers View, and open its Privileges. Turn Read and Select OFF for the Eagle Users group. Repeat this process for the FaxNumber column.

13 Demo: publish the View Publish the View. Note that the Eagle Users group will not have privileges yet for the published view, even though we set them on the design-time view. <CLICK> To grant access to eagle users, open Privileges for the top-level container, called Demoettes in this example. Add Read and Select privileges for eagle users, and check the box to apply these privileges to child resources and folders. This will propagate the privileges to the catalog and schema containers, as well as to the published View.

14 Demo: access the View Now we are ready to access the published views from an external client, in order to see how the result sets will vary depending on our login type. In this example, we use Squirrel to access CIS. <CLICK> When we log in as an Administrator and access the published view, we are able to see the phone number fields. <CLICK> However, when we log in as an Eagle user, the phone number fields do not appear. Our demo is complete.

15 Agenda What is it and why does it matter? A basic demo Summary
Let’s summarize what we have seen in this presentation.

16 Summary Column-level data access restrictions for: Users and Groups
Applies to: Tables and Views Benefits Development: Granular data restriction enhances reusability of CIS tables and views Operation: Administrators control data access Column-based security enables data to be restricted at the column level for CIS users and groups. Column-based security may be applied to Tables and Views. At development time, column-based security enhances resource re-use by enabling developers to use a single Table or View to serve the needs of different users and groups. In addition, column-based security makes it much easier for system administrators to provide fine-grained control over data access for user communities where membership may change frequently. Thank you.

17 TOMORROW starts here.

Download ppt "Data Virtualization Demoette… Column-Based Security"

Similar presentations

Accessing and Using the e-Book Collection from EBSCOhost ® When an arrow appears, click to proceed to the next slide at your own pace. To go back, click.

Accessing and Using the e-Book Collection from EBSCOhost ® When an arrow appears, click to proceed to the next slide at your own pace. To go back, click.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
BSC Food Distribution 8181 NW 36 Street, Suite 14-D Doral, FL 33166 Phone: 305 591 9720 Fax: 305 394 9472

BSC Food Distribution 8181 NW 36 Street, Suite 14-D Doral, FL Phone: Fax:
Thank you for participating in Online Giving! This tutorial will walk you through the steps of setting up an account. You will need an email address and.

Thank you for participating in Online Giving! This tutorial will walk you through the steps of setting up an account. You will need an address and.
Benefits Self Service This presentation walks you through enrolling into benefits using Benefits Self Service.

Benefits Self Service This presentation walks you through enrolling into benefits using Benefits Self Service.
Chapter 7: WORKING WITH GROUPS

Chapter 7: WORKING WITH GROUPS
With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface.

With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface.
Copyright 2000 eMation SECURITY - Controlling Data Access with

Copyright 2000 eMation SECURITY - Controlling Data Access with
Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.

Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.
TCM/HS Library Online Catalog. To access the Library Online Catalog, visit and Click on Media Centers

TCM/HS Library Online Catalog. To access the Library Online Catalog, visit and Click on Media Centers
2. SQL Security Objectives –Learn SQL Server 2000 components Contents –Understanding the Authentication Process –Understanding the Authorization Process.

2. SQL Security Objectives –Learn SQL Server 2000 components Contents –Understanding the Authentication Process –Understanding the Authorization Process.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.

1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
1 BCS 4 th Semester. Step 1: Download SQL Server 2005 Express Edition Version Feature SQL Server 2005 Express Edition SP1 SQL Server 2005 Express Edition.

1 BCS 4 th Semester. Step 1: Download SQL Server 2005 Express Edition Version Feature SQL Server 2005 Express Edition SP1 SQL Server 2005 Express Edition.
ELISTING How to use eListing to conveniently and quickly file your personal property listing online. DEPARTMENT OF ASSESSMENTS King County To navigate.

ELISTING How to use eListing to conveniently and quickly file your personal property listing online. DEPARTMENT OF ASSESSMENTS King County To navigate.
HR Development Division PA Office of Administration Room 511 Finance Building Harrisburg PA 17120 Enterprise Portal Community Management Overview Click.

HR Development Division PA Office of Administration Room 511 Finance Building Harrisburg PA Enterprise Portal Community Management Overview Click.
DAMIR for Releasers Tuesday 10/30/2007 Breakout Session 5A Wednesday 10/31/2007 Breakout Session 3A.

DAMIR for Releasers Tuesday 10/30/2007 Breakout Session 5A Wednesday 10/31/2007 Breakout Session 3A.
Unit & District Tools Phase 1

Unit & District Tools Phase 1

Similar presentations

Ads by Google