Configuring Column-based Security

Topics:

The Security tab appears in the Administration console when either or both switches are enabled, as shown in the following image.

Click the Security tab to open the Enhanced Security management tool. This tool is used to configure access to any column or row in all OGC tables (screens) for specific users.

Configuring Column Access

How to:

The Enhanced Security management tool consists of the following sections:

  • domains list (located on the left pane)
  • column sets editor (located on the right pane)

From the domains list, you can select a specific domain to access and configure its data.

Using the column sets editor, the security administrator can create a set of columns that will be visible to a specific user.

Procedure: How to Add a New Column Set

If there are no column sets created for a specific domain, the No column sets found message appears.

To add a new column set:

  1. From the domains list in the left pane, scroll down and click the domain (subject or sub collection) to which you want to grant column access (for example, Supplier Master), as shown in the following image.
  2. Click Add Column Set.
    A new column set appears with the list of available columns for the selected domain, as shown in the following image.

    A new column set consists of the following:

    • Column selection list
    • Row criteria selectors
    • Save and Delete buttons

    Note that the validation is active and notifies you that at least one user name and one column must be selected for the created column set.

  3. Select the check box for each column you want to allow access.
  4. Click the Users drop-down list to view a list of available users.
  5. Select the user(s) that you want to grant access to the column set of selected columns.

    For example, to configure the first column set, select the check box for the five non-sensitive columns, and enter the two most restricted view user IDs (for example, ds_a and ds_b).

  6. Click Save.
  7. Expand the desired column set name (for example, Column set 1) to view the users and columns within the column set, as shown in the following image.
  8. Confirm your changes to the users or columns, and then click Save.
  9. Log on to OGC as one of the newly configured users (for example, ds_a or ds_b) and verify that the 360 Viewer has allowed the configured access results (for example, the five columns that were just specified), as shown in the following image.

    Note the orange exclamation icon, which appears next to the user ID, as shown in the following image.

    This icon indicates that data may be restricted due to security purposes.

  10. Enter two more column sets allowing the appropriate user access to the data.

    For example, add Column set 2 to the Supplier Master domain, and allow the PRIMARY/super_a user access to seven columns, the same five configured in Column set 1, in addition to credit_rating and ssn_TIN, as shown in the following image.

  11. Log on to OGC as the PRIMARY/super_a user and verify access to the seven configured columns, as shown in the following image.
  12. Add Column set 3 to the Supplier Master domain, as shown in the following image.
  13. Allow the PRIMARY/super_b user access to ssn_TIN in addition to the five columns granted in the Supplier Master domain for Column set 1, as shown in the following image.
  14. Log on to OGC as the super_b user to verify that the sixth column, ssn_TIN, is accessible, as shown in the following image.

    Note that a single column set can be configured for multiple users.

    The selection of specific values is not required (for example, all values for a specific column are selected and displayed). However, if it is necessary to restrict or allow visibility of specific values for specific users, then the individual configurations must be configured via row-based access security.