Example Security Scenario in iDashboards

The following diagram shows a common security scenario in iDashboards for a company that rolled out dashboards for a small set of its employees. They have developed dashboards for their Sales and Human Resources departments and wish to control what users can do with them.

They wanted to implement the following list of requirements:

1. Sales users can only view Sales dashboards, except one Sales user that can also create and edit Sales dashboards for the department. Sales users cannot view HR dashboards.
2. HR users can only view HR dashboards, except one HR user that can also create and edit HR dashboards for the department. HR users cannot view Sales dashboards.
3. One IT user that can view, edit and create dashboards for Sales and HR, as well as administer the iDashboards application.
4. One CEO user that can view dashboards for Sales and HR.

The following diagram shows how this would be accomplished:

To fulfill their requirements, they configured the following Users, Groups and Categories via the iDashboards Administrator Application. They left the default group access to all Data Sources as “yes”.

Sales

• Created three Sales users. Sales-User1 and Sales-User2 are assigned the Business User role because they don’t need to create new charts from live data sources or edit data settings of existing charts. Sales-User3 is assigned the Analyst role because they need the ability to create new charts from live data sources.
• Created a “Sales” category where all Sales charts and dashboards are saved.
• Created a “Sales-Users” group that has View privileges to the “Sales” category and None privileges to the “HR” category. Assigned all Sales users to this group so they can view all Sales dashboards, but none of the HR dashboards.
• Created a “Sales-Analysts” group that has Save privileges to the “Sales” category and None privileges to the “HR” category. Assigned only Sales-User3 to this group so they can save to the “Sales“ category, thus giving them the ability to create new charts and modify existing ones in that category and save.

HR

• Created three HR users. HR-User1 and HR-User2 are assigned the Business User role because they don’t need to create new charts from live data sources or edit data settings of existing charts. HR-User3 is assigned the Analyst role because they need the ability to create new charts from live data sources.
• Created an “HR” category where all HR charts and dashboards are saved.
• Created an “HR-Users” group that has View privileges to the “HR” category and None privileges to the “Sales“ category. Assigned all HR users to this group so they can view all HR dashboards, but none of the Sales dashboards.
• Created an “HR-Analysts” group that has Save privileges to the “HR“ category and None privileges to the “Sales“ category. Assigned only HR-User3 to this group so they can save to the “HR” category, thus giving them the ability to create new charts and modify existing ones in that category and save.

IT

• Created one IT user called IT-User that is assigned the Admin role. This gives the user all Analyst permissions (notably, the ability to create new charts from live data sources and edit data settings of existing charts), as well as the ability to log into the iDashboards Administrator Application so they can manage the software.
• Created an “IT-Analysts” group that has Save privileges to the “Sales” and “HR” categories. Assigned only IT-User to this group so they can save to both categories, thus giving them the ability to create new charts and modify existing ones in both categories and save.

CEO

• Created one C-level user called CEO-User that is assigned the Business User role because they don’t need to create new charts from live data sources or edit data settings of existing charts.
• Created a “C-Users” group that has View privileges to the “Sales” and “HR” categories. Assigned only CEO-User to this group so they can view all Sales and HR dashboards.

Matt Crawford– Technical Consultant, iDashboards

Leave a Reply

Your email address will not be published. Required fields are marked *