Presentation is loading. Please wait.

Presentation is loading. Please wait.

New MR Repository & Security Universal Object Access Brian A Suter VP WebFOCUS Product Development November 16, 2015 Copyright 2009, Information Builders.

Published byNoah Howard Modified over 9 years ago

Similar presentations

Presentation on theme: "New MR Repository & Security Universal Object Access Brian A Suter VP WebFOCUS Product Development November 16, 2015 Copyright 2009, Information Builders."— Presentation transcript:

1 New MR Repository & Security Universal Object Access Brian A Suter VP WebFOCUS Product Development November 16, 2015 Copyright 2009, Information Builders. Slide 1

2 76x Security Structure - Review Copyright 2009, Information Builders. Slide 2

3 WebFOCUS Managed Reporting Security Release 76x and Earlier  Internal (default) repository stored as HTM files on Application Server (basedir)  Authentication – Internal or External  Authorization - Internal or External (RDBMS, Active Directory, LDAP) using Realm Driver Browser Machine Application Server/ Web Server WebFOCUS Server WF Servlet & MR (Internal) Repository DB2 Oracle Sybase Informix Teradata… MR (External) Authorization (SQL RDBMS, Active Directory, LDAP) Java Client External Authentication

4 WebFOCUS 76x Managed Reporting Security User Authorization Groups Users Domains Reports Role(*) Launch Pages Documents Role is assigned directly to user. A user has only ONE role.

5 77x Repository and Security Copyright 2009, Information Builders. Slide 5

6 77 Repository  File System model:  Domains are top level folders  N-depth folder/file tree  No special purpose folders  Implemented in RDMS tables  Derby shipped and installed  Any RDBMS supported  Audit, backup, clustering  Special rules eliminated Copyright 2009, Information Builders. Slide 6

7 Groups & Users  Groups  Groups can have sub-groups, sub-sub-groups, etc.  Users are assigned to Groups (or sub-groups)  Users can belong to multiple groups  All users are in the EVERYONE group  User Authorizations  Group membership usually  authorization  Matches standard LDAP/AD models  User “flags” eliminated  User Management Copyright 2009, Information Builders. Slide 7

8 Security Rules  All rules have 3 parts:  A subject (Groups or Users) – the WHO  Has permitted operations – the WHAT  On some Folder (a resource) – the WHERE  Examples:  Group RepDev has Developer on folder /Sales  Group EVERYONE has RunReports on folder /Sales  WHO – WHAT – WHERE Copyright 2009, Information Builders. Slide 8

9 Security Rules (continued)  Permissions are inherited down the tree  RepDev inherits Developer permissions on folder /Sales/Forcasts  Single User can have specific rules on every object  Folder or file  Recommend only as the exception! Copyright 2009, Information Builders. Slide 9

10 Different roles on different folders Copyright 2009, Information Builders. Slide 10

11 Permissions Sets - WHAT  Named list of permissions on very granular operations  WF ships with a set of defined permission sets  Customers can create their own  Reusable for multiple rules  Usually declare what a subject can DO (permit)  Can declare what can not be done (deny)  Abilities are never implied  if an individual operation is not permitted or denied – it is an effective deny  WHO – WHAT - WHERE Copyright 2009, Information Builders. Slide 11

12 Creating and controlling Rules  “Access Rules” context menu choice  Specifies the WHERE of the rules to be created  Users need to be permitted to change rules on a resource  Group to sub-group inheritance  A rule for a group is inherited by sub-groups  WHO - WHAT – WHERE Copyright 2009, Information Builders. Slide 12

13 Example of setting Access Rules Copyright 2009, Information Builders. Slide 13

14 Permission Sets – List of Operations  Everything is an operation:  Create file, Create folder, Run report, Run differed, Schedule a report, Manage schedules, Create access lists, Create distribution lists, Update properties, Update Execution properties, Read file, Write file, Delete, Change Ownership, Share,...  Launch InfoAssist, Launch Editor, Launch security central, Launch RC admin, Launch developer Studio tools,...  Create groups, Assign users to groups, Make rules for the Group (group as subject), Share with Group,...  Create User, Update user status/password,...  Create PSET, Update PSET, Delete PSET,... Copyright 2009, Information Builders. Slide 14

15 Private Files & Folders (aka MyReports)  Private files can exist anywhere you allow them  Private folders recommended  Private files can be owned by users or by Groups  “In development”  Private files can be shared  With specific groups/users  Two special Permission-Sets:  Owners have PrivateFilePermissions on PrivateFiles  Sharees have SharedFilePermissions on SharedFiles  WHO – WHAT - WHERE Copyright 2009, Information Builders. Slide 15

16 Example of setting Shares Copyright 2009, Information Builders. Slide 16

17 User and Group Administration  Users are permitted operations to act on groups  Create sub-groups  Assign users to groups  Assign users from groups  Manage users in groups  Names, passwords  User management  GlobalUserAdmin has ManageUsers on /EVERYONE Copyright 2009, Information Builders. Slide 17

18 Everything is a Resource – a WHERE  /WFC  /Repository  Sales Domain, etc.  /UserInfo – preference files, deferred receipts  /SSYS  /GROUPS  /USERS  /PSETS  /WEB - APPROOT application directories  In the works  /VIEWS/viewname/tabname Copyright 2009, Information Builders. Slide 18

19 Thank you! Copyright 2009, Information Builders. Slide 19

Download ppt "New MR Repository & Security Universal Object Access Brian A Suter VP WebFOCUS Product Development November 16, 2015 Copyright 2009, Information Builders."

Similar presentations

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
File Server Organization and Best Practices IT Partners June, 02, 2010.

File Server Organization and Best Practices IT Partners June, 02, 2010.
WebFOCUS 8: Technical Overview

WebFOCUS 8: Technical Overview
WebFOCUS 8: Technical Overview

WebFOCUS 8: Technical Overview
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Group Accounts; Securing Resources with Permissions

Group Accounts; Securing Resources with Permissions
TWSd Configuring Tivoli Workload Scheduler Security 1of3

TWSd Configuring Tivoli Workload Scheduler Security 1of3
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.

Similar presentations

Ads by Google