Versions Compared

Old Version 3

changes.mady.by.user Sarabjeet Kaur

Saved on

compared with

New Version 4

changes.mady.by.user Sarabjeet Kaur

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Applies to: (tick) Kyvos Enterprise  (tick) Kyvos Cloud (SaaS on AWS) (tick) Kyvos AWS Marketplace

...

  1. From the Toolbox, click Semantic Models.

  2. Select the semantic model name from the list and click the Process tab if needed.

  3. From Properties, scroll down to Data Security and choose one of the following as an endpoint source:

  4. Select an endpoint.

  5. Click the Define Rule and Mapping link and select Groups or Users and select the groups or users you want to use or use Search to find them.

  6. For Rules, click Allow All Columns, Allow All Rows, or click the Plus sign next to Rules to add a custom rule. 

  7. On the Add Rule dialog, provide Rule Name and Description

  8. From the Row Level area, select any of the following from Restrict and select the field on which you want to apply the restriction.

Setting up

...

Column Level Security

To set up column-level security (CLS), perform the following steps. 

...

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#DEEBFF

Note

  • Column masking is not applied to Member Properties, Unknown and Calculated members, and Predefined time type hierarchy.

  • Currently, column masking does not support the SQL interface.

  • The original column data is preserved while masking because numeric data is masked with a number, and a date is masked with a date. You can specify a fixed pattern or a Regex expression for any string data type. 

  • The masked value is displayed while browsing the semantic model on any BI tool with an MDX connection. 

  • If using Tilde (~) for column masking and want to apply a filter on the masked value from Kyvos UI, then you must change the value of the field value separator as the default value of the kyvos.filter.value.separator property is also Tilde (~). Hence, you must change the default value of this property so that column masking with the Tilde character can function.

  • To apply column masking to a pre-defined hierarchy, you need to select the full name of the hierarchy.

  • You can create, delete, update, save, and assign column security (masking) rules by using the Security Rest API's.

To mask column data for Column Level Security (CLS), perform the following steps. 

...

  1. From the Toolbox, click Semantic Models.

  2. Select the semantic model name from the list and click the Build tab if needed.

  3. Click the Actions menu (...) in the work area and then click Data Security.

  4. Click users or groups that this rule will apply.

  5. Click the plus sign in the Rules column.

  6. Add a rule name and description.

  7. Click Row Level.

  8. Specify the field name and for criteria choose the parameter. Then select an LDAP custom attribute.

  9. Click Add.

Row level security on Key field

...

  1. .

Points to know

  • This functionality is applicable only when the Hierarchy/attribute contains description (display field).

  • Users with administrator privileges can set up RLS on field values or display values.

  • You cannot apply row-level security to the key field with a date type or predefined time hierarchy.

  • You cannot apply row-level security to the key field if the display field is not set for that key field.

  • Applied filters will execute properly with no impact on query performance.

...