Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Applies to: (tick) Kyvos Enterprise  (tick) Kyvos Cloud (SaaS on AWS) (tick) Kyvos AWS Marketplace

...

Security settings allow you to limit access to data by the criteria you specify, such as region or by department (group). Configure data security at the row or column level or both for saved cubessemantic models. You can specify security access for individual users or groups. Right-click an existing rule to modify or delete it. Data security rules can be exported along with the data. Use And or Or to create complex rule conditions. Each rule can have a separate column and row-level security.

...

  1. From the Toolbox, click Semantic Models.

  2. Select the semantic model name from the list and click the Process tab if needed.

  3. From Properties, scroll down to Data Security and choose one of the following as an endpoint source:

  4. Select an endpoint.

  5. Click the Define Rule and Mapping link and select Groups or Users and select the groups or users you want to use or use Search to find them.

  6. For Rules, click Allow All Columns, Allow All Rows, or click the Plus sign next to Rules to add a custom rule. 

    Image Added
  7. On the Add Rule dialog, provide Rule Name and Description

    Image Added
  8. From the Row Level area, select any of the following from Restrict and click the field link and select the field on which you want to apply the RLS.

  9. Click the value link, and the dialog box is displayed where you can search or select the values on which you can apply the RLS. The selected values are displayed in the Selected Values section. The available choices vary depending on the data you are using.  

    Image Added
  10. Click Add. The RLS is applied to the selected values.

From Kyvos 2023.5 onwards, you can also apply RLS on the Key value when the Hierarchy/attribute contains description (display field).

  1. Click Row Level, and then select the click the field link, and then select the field on which you want to apply the restriction.RLS security on key field.

    Image Added
  2. The RLS on Key field is applied to the values.

    Image Added

Setting up

...

Column Level Security

To set up column-level security (CLS), perform the following steps. 

...

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#DEEBFF

Note

  • Column masking is not applied to Member Properties, Unknown and Calculated members, and Predefined time type hierarchy.

  • Currently, column masking does not support the SQL interface.

  • The original column data is preserved while masking because numeric data is masked with a number, and a date is masked with a date. You can specify a fixed pattern or a Regex expression for any string data type. 

  • The masked value is displayed while browsing the semantic model on any BI tool with an MDX connection. 

  • If using Tilde (~) for column masking and want to apply a filter on the masked value from Kyvos UI, then you must change the value of the field value separator as the default value of the kyvos.filter.value.separator property is also Tilde (~). Hence, you must change the default value of this property so that column masking with the Tilde character can function.

  • To apply column masking to a pre-defined hierarchy, you need to select the full name of the hierarchy.

  • You can create, delete, update, save, and assign column security (masking) rules by using the Security Rest API's.

To mask column data for Column Level Security (CLS), perform the following steps. 

...

  1. From the Toolbox, click Semantic Models.

  2. Select the semantic model name from the list and click the Build tab if needed.

  3. Click the Actions menu (...) in the work area and then click Data Security.

  4. Click users or groups that this rule will apply.

  5. Click the plus sign in the Rules column.

  6. Add a rule name and description.

  7. Click Row Level.

  8. Specify the field name and for criteria choose the parameter. Then select an LDAP custom attribute.

  9. Click Add.

Row level security on Field column

Kyvos allows you to set Row Level Security (RLS) on field column as the description (display field) is changing very frequently as per the business requirements so you can apply RLS on a Key field value (to save time and resources. While browsing a worksheet, filters applied to a key field will be respected, and the display field value corresponding to the key value will be shown instead of displaying all values.

Points to know

  • Users with administrator privileges can set up RLS on field values or display values.

  • You cannot apply row-level security to the key field with a date type or predefined time hierarchy.

  • You cannot apply row-level security to the key field if the display field is not set for that key field.

  • Applied filters will execute properly with no impact on query performance.

 

To define a parameterized RLS filter, perform the following steps:

  1. From the Toolbox, click Semantic Models.

  2. Select the semantic model name from the list and click the

Process tab if needed.

  1. Click the Actions menu (...) in the work area and then click Data Security.

  2. Click users or groups that this rule will apply.

  3. Click the plus sign in the Rules column.

  4. Add a rule name and description.

  5. Click Row Level, and then select the click the field link, and then select the field on which you want to apply the RLS security on field column.