are you feeling secure ? lee donaldson information builders
TRANSCRIPT
Are you feeling secure?Agenda
WebFOCUS components WebFOCUS security optionsManaged Reporting security
Authentication Authorization
Roles GroupsDomainsUsers
Dashboard Implementing Banner security
Are you feeling secure?WebFOCUS components
· WF Client - CGI version· Static HTML Content(Can alternatively be placedon J2EE Server)
Web Server
J2EE Application Server
WebFOCUS - Java Web App· WF Client - Servlet version· WF Dashboard - JSP Portal· WF Ad-hoc Tools - JSP/Beans
· WF Report Assistant - DHTML· WF Graph Assistant - DHTML· WF OLAP Control Panel - DHTML
WF ReportCaster - Java Web App · WF ReportCaster Servlets - Java API
· Scheduling - by Administrator · Scheduling - by User
WF User Admin. Services Repository
WF Open Portal Services(Portlets/Gadgets)
J2EE Application Server
WF Report Caster· Scheduling · Distribution· Archive Library· Open Distribution
Distribution Server
· Job Schedule Information· Archive Library · WF Reports & Open
Output Content
RDBMS w/BLOB Support
(JRE Required)
JDBC
WF Developer Studio· Graphical Report Designer· 4GL Developer Workbench· Metadata Management· User Management and
Administration· ReportCaster Administration· Managed Reporting
Administration· Portal Design and Development· Deployment· Version Control (Source Safe)
Developer Studio
200+ Intelligent Adapters & Connectors· Legacy Data· Relational Data· Transactional Systems· Messaging Systems· XML, EDI …· WebServices· Java
WFMetadataRepository
WF Resource Analyzer
WF Resource Governor
Usage Monitoring
MainframeUNIX
WindowsI5 (AS/400)
(35+ Platforms)
WebFOCUS Reporting Server
WF (iWAY) Adapters
WebFOCUS Reporting Server
WebFOCUS Reporting Server
WebFOCUS Reporting Server
JDBC
TCP
HTTP/S
HTTP/S
HTTP/S
JDB
C
JDB
C
Are you feeling secure?Security Checkpoints
· WF Client - CGI version· Static HTML Content(Can alternatively be placedon J2EE Server)
Web Server
J2EE Application Server
WebFOCUS - Java Web App· WF Client - Servlet version· WF Dashboard - JSP Portal· WF Ad-hoc Tools - JSP/Beans
· WF Report Assistant - DHTML· WF Graph Assistant - DHTML· WF OLAP Control Panel - DHTML
WF ReportCaster - Java Web App · WF ReportCaster Servlets - Java API
· Scheduling - by Administrator · Scheduling - by User
WF User Admin. Services Repository
WF Open Portal Services(Portlets/Gadgets)
J2EE Application Server
WF Report Caster· Scheduling · Distribution· Archive Library· Open Distribution
Distribution Server
· Job Schedule Information· Archive Library · WF Reports & Open
Output Content
RDBMS w/BLOB Support
(JRE Required)
JDBC
WF Developer Studio· Graphical Report Designer· 4GL Developer Workbench· Metadata Management· User Management and
Administration· ReportCaster Administration· Managed Reporting
Administration· Portal Design and Development· Deployment· Version Control (Source Safe)
Developer Studio
200+ Intelligent Adapters & Connectors· Legacy Data· Relational Data· Transactional Systems· Messaging Systems· XML, EDI …· WebServices· Java
WFMetadataRepository
WF Resource Analyzer
WF Resource Governor
Usage Monitoring
MainframeUNIX
WindowsI5 (AS/400)
(35+ Platforms)
WebFOCUS Reporting Server
WF (iWAY) Adapters
WebFOCUS Reporting Server
WebFOCUS Reporting Server
WebFOCUS Reporting Server
JDBC
TCP
HTTP/S
HTTP/S
HTTP/S
JDB
C
JDB
C
Are you feeling secure?Basic security concepts
Authentication Who are you Are you a valid user
Authorization What role are you
Administrator, Developer, End User What can you do
Use Report Assist, Use Reportcaster, Run Only user What do you have access to
Which reportsWhich databases or filesWhich records
Are you feeling secure?WebFOCUS Authentication options
No authentication Anonymous users
User authentication You supply a userid and password to gain access
Web server authentication IWA, Kerberos, Siteminder 3rd party Portals (Plumtree, Sharepoint, Oracle)
WebFOCUS Reporting server authentication Operating system DBMS LDAP Custom Set up with the WebFOCUS Server Console
Are you feeling secure?WebFOCUS Managed Reporting Security
Explicit Userid and password required Internal MR authentication
Integrated Sign on previously and values passed to WebFOCUS External authentication
Trusted No password required Credentials set by web server
WebFOCUS Managed Reporting Authentication
Web Access Management
Operating System
Lightweight Directory Access Protocol (LDAP)
Relation Database Management System (RDBMS)
WebFOCUS ReportingServer
CUSTOM
Are you feeling secure?Managed Reporting Security Administration
MRE Authorization MRE administrators set up environment Domains
Assign logical names to application folders in MREBusiness units, Types of data, test/production
UsersCreate entries for valid user idsAssign privileges to each user or use a default RoleAssign users ids to groups
WebFOCUS Security ModelWebFOCUS Managed Reporting Authorization
Roles – Administrators, run only users, Analytical users, custom Privileges – schedule, share reports, report library Groups – Categories of users - associated to Domains Domains – Groups of reports - groups are related to Domains
See the WebFOCUS Managed Reporting Administrator’s manual
WebFOCUS MRE Security Model
FINMGR
User
Analytical User
Role
Run ReportsSave My Reports
Assist Tools
Schedule Report Library
Accounting
Senior Managers
Groups
Finance
Plant Operations
Default Privileges
Optional Privileges
Domains
BI Dashboard - AuthorizationUsers, Groups and Domains
FINMGR
Accountant
Human Resource Manager
ACCOUNTING
SENIOR MANAGERS
HR
Are you feeling secure?Implementing Banner Security
WebFOCUS Reporting Server set for DBMS Security All users are validated for having valid Oracle userid Set up an adapter connection to Oracle with password
passthru Change server security to DBMS mode pointing to the
adapter connectionWebFOCUS Client set for WFRS security
Tell the WF Client (MRE, Dashboard) to send the userid and password entered to the WF server for validation
Adminstrator userid must be a valid Oracle idDashboard
Public or default userid must be a valid Oracle id
Are you feeling secure?Implementing Banner Security
FAU integrated WF DBMS security and Banner ODS Object security DART BOARD
Creates dynamic reporting templates per user based on Banner security definitions
Utilizes Banner Objects and Banner ClassesDART
Dynamic Application Reporting TemplateBOARD
Banner ODS Application Report Data
Are you feeling secure?Implementing Banner Security
DART - Dynamic Application Reporting Template Generation of measures (counts, totals, averages, minimum, max,
etc.) drilldown operational reporting pop-up field descriptions standardized look, styling, and operation crumb trails (documented filters, user id, date/time stamp) graphs preset selection of fields for reports Creation of Ad Hoc reports Applying business rules via the DEFINEs statement Ready to customize predefined reports Creation of key lists for subsequent reporting, matching, etc. Dynamic Page breaks Report options for PDF, Excel, and HTML formats
Are you feeling secure?Implementing Banner Security
BOARD - Banner ODS Application Report Data Integrates Banner ODS and Banner Security
Controls logon authentication from one sourceProvides access to
Reporting Templates LOV filters – List of Values specific per userApplies to Student, HR, Finance, Financial Aid and
AR modules Access is through the WebFOCUS Dashboard
Are you feeling secure?Implementing Banner Security
Access to templates is based on a 7 position token stored in a flat file
buspaw01.htm;PEAEMPL;Payroll Distribution;H;Payroll;IRM - BITS; payroll rcast101.htm;OPEN;ReportCaster Schedules;G;ReportCaster;IRM - BITS;
Position 1 – name of the launch page stored in WebFOCUS MRE Position 2 - security access value
Open to all, Closed to all, Limited to this Banner Object Position 3 – Title to be displayed on Dashboard Position 4 - Relating Group
C=Common, F=Finance, H=HR, G=General Utility, S=Student Position 5 – Banner Business Concept Position 6 - Developer Group/Name Position 7 - Notes