Use Data Delivery Apply Security to assign security to Denodo views

On this page:

Overview

Data Delivery Apply Security is a tool for assigning security to Denodo views and Tableau workbooks on servers at Indiana University. To begin the process of assigning security in Denodo, a Denodo developer constructs and submits a security request, which is then reviewed and approved/denied by a Data Manager (DM).

View the objects to which you can apply security

Note:
If you have developer access to a Denodo VDB, you can request that security be applied to a view in that VDB.

To see the Denodo views for which you have developer permissions:

  1. In Data Delivery Apply Security, from the System drop-down list, select Denodo, if it isn't already selected.
  2. From the Virtual Database (VDB) drop-down list, select the VDB from which you want view information.
  3. Under "My Views", you'll see the list of Denodo views for which you have developer permissions, along with additional information. You'll see each view's name, the folder it is in, and whether there are any pending or applied security requests. To find the correct view in the list, scan the list or use the "Filter results" box.
    Note:
    When a view is first created, it could take up to an hour for it to appear in your list of Denodo views.

    You will also see one of the following two actions associated with each view:

    • The Apply button takes you to the wizard to request new security be applied to the view.
    • The View button displays a summary of permissions and their approval status. If you need to apply additional security, click Add security to go to the wizard. To return to your full list of views, click Home in the breadcrumbs.
    Note:
    To reduce the number of views displayed, use the "Filter results" box to filter the results based on text found in either the view name or the folder name.

Add security

After you click Apply or Add security, you'll enter a setup wizard that will walk you through the collection of the necessary security information for the appropriate Data Manager (DM) to review your request. Be aware that selections you make in earlier steps of the wizard may alter or limit your available options in later steps.

The setup wizard includes the following seven steps:

  1. Environment: Select all of the Denodo environments (Development, Staging, and/or Production) where you want the permissions to be applied to the view.
    Note:
    When a view is migrated to the Staging or Production Denodo environment for the first time, it could take up to an hour for that environment option to appear.
  2. Data Classification: Select the most sensitive level of data included in your view. This selection will affect the permissions available for you to apply in the wizard's Permissions step. For more about data classification, see Classification levels of institutional data.
  3. Enterprise Data: The selections you make in this step will determine which DM(s) will be responsible for approval of your request. If you select multiple areas of enterprise data, multiple DMs will be contacted for approval. If you don't select any enterprise systems, you'll need to confirm that your report contains no enterprise data before you can leave this step.

    To see which DMs are associated with a particular enterprise system, select the system from the drop-down list; the list of associated DMs will be displayed below. If you need to remove a system, click Remove to the right of the information listed for that system.

  4. Compliance: Select the agreements and tutorials required for people to use your view; this is in addition to the specific permissions you'll select in the wizard's Permissions step.
    • The Acceptable Use Agreement, FERPA tutorial, and HRMS Data Use tutorial will be selected by default, because at IU, Denodo views are restricted to users who have completed all three tutorials.
    • If you selected one or more enterprise systems in the wizard's Enterprise Data step, you might notice that other compliances have been preselected here. DMs for particular data areas can predefine required compliances for their area; in such cases, you cannot deselect these compliances.
    • If any options are not preselected, and you believe that users of your view need to be educated on one or more of these data policy categories, you may select them.

    Any options you select in this step will be imposed on the groups you select for viewing. For example, at a minimum, only users in your group who are up to date on their AUA, FERPA, and HRMS Data Use tutorials will be allowed to use the Denodo view.

  5. Permissions: Indicate exactly what type of permissions you're requesting. The selections available to you will vary depending on choices you made in the wizard's Data Classification step.
    • IU employees and affiliates (University-Internal): This option is available if you set the data classification to University-Internal data. Compliances are enforced with this option. Only IU employees and approved affiliates who are up to date on the AUA, FERPA, and HRMS Data Use tutorials will be able to use the view. If you selected additional tutorials in the wizard's Compliance step, those will be enforced as well.
    • One or more groups: This option is available regardless of what you selected in the wizard's Data Classification step. When you select this option, you'll need to enter the ACM groups to which you wish to secure the view. You can enter multiple groups or create a new group, if desired. Compliances are enforced with this option. Only users who are members of a relevant ACM group and are up to date on the AUA, FERPA, and HRMS Data Use tutorials will be able to use the view. If you selected additional tutorials in the wizard's Compliance step, those will be enforced as well.
  6. Rationale: Describe the business rationale for the access level you're requesting. For example, in most cases, the rationale is either that access is needed to perform job functions or access is needed for a special project. Use the "Description" box to enter the justification for your request or to communicate special instructions.
  7. Summary: Review all of your previous selections. If any are incorrect, click Edit to return to the appropriate step of the wizard and make corrections. When all entries look correct, submit your request.
    • If the view contains enterprise data, the request will route to the appropriate DM(s) for approval; the "Routing" section will indicate which DM(s) will review your request.
    • If the view does not contain enterprise data, the requested security will immediately be applied.

Below are general tips to help you use the setup wizard.

  • Do not use your web browser's built-in forward and back buttons. Doing so will take you out of the wizard completely, rather than navigating through the wizard itself.
  • At any time, you can click Cancel to leave the wizard. However, if you do this, none of the information you've entered will be saved.
  • When you complete a step of the wizard, click Next to advance to the next step.
  • Once you've proceeded past the first step, you will also have a Back navigation button. If you use this button to go back to a previous step, the information you've already entered will be retained. However, if you change your selections in an earlier step, this might change your available options in a later step, thus eliminating the details originally captured in the later step.
  • Track your progress in the wizard using the navigation bar at the left side of the screen.
  • On the summary step, if you click an Edit button to return to a particular step of the wizard, you'll need to click through all the remaining steps to reach the summary step again.

Review security requests

To review your security requests, go to the list of Denodo views for which you have developer permissions, and click View next to the appropriate view.

Note:
You will only see the View button if the view has one or more pending or applied security requests.

Pending security requests

Pending security requests are denoted by gold alerts below the name of the view. In each alert, you'll see the name of the requester and the date the request was made.

Approved security requests

Approved security requests are displayed in a table under the name of the view. You'll see the name of the Denodo environment, permission, and any compliances that are enforced. There will also be a drop-down list that may include options to view the permission group in ACM, delete the permission, and view the publishing request.

Remove security

To remove security from a Denodo view:

  1. Next to the appropriate view name, click View.
  2. In the list of permissions, find the one you wish to remove.
  3. On the right side of the row corresponding to the permission to be removed, click the down arrow to open the drop-down list, and then select Delete.
  4. Confirm the deletion.
Note:
You can only remove security groups one at a time, even if you originally added multiple security groups to a view in a single request.

Related documents

Create, edit, or delete Access Control Management (ACM) groups Use Data Delivery Apply Security to assign security to Tableau workbooks

This is document bglv in the Knowledge Base.
Last modified on 2022-01-18 13:29:08.