Metadata Security Pre-Filtering

This article talks about introduction to Metadata Security Pre-filtering. Metadata pre-filtering is a process where a filtering of information within organization, user, role etc takes place at a metadata level.

For example, your most of the company members can access database Adhoc UI and drag drop interface, but only few should have access to the revenue column. In such cases if you want to selectively show or hide certain tables or columns to selected organizations, roles or users this process is useful.

To apply metadata security pre-filtering conditions there are two ways to achieve it :

  1. Front End Level
  2. Back End Level

Now, Helical Insight Application is available in two versions :

  • Enterprise version supports UI driven data security. For more details visit This Blog
  • Community version

In Enterprise version, there is a UI available for applying metadata-security pre-filtering conditions but in case of Community Version, no UI available for applying a condition, so through back end approach metadata-security pre-filtering conditions can be easily applied. Further details will cover applying metadata-security pre-filtering conditions through back end approach.

When a metadata is shared with the organization/user or with other organization usually a lot of question occurs in the owners mind like how to limit the shared data with other user / organization, how to hide sensitive fields of a database, showing relevant table to a user from the list, and so on. Yes, it is possible to achieve using Helical Insight. In Helical Insight, at metadata level a user can apply pre-filters so that whenever a metadata is shared with any user / organization he or she can get only selective to access to tables and columns and data of the database.

Various levels at which pre-filters / security filters can be applied are :

  1. Organization (single / multiple)
  2. User (single / multiple)
  3. Role (single / multiple)
  4. Profile (single / multiple)

In case of database, levels at which pre-filters / security filters can be applied are :

  1. Table
  2. Column
  3. Data



Application

Let us understand how to apply a filter at a metadata level. Following are the steps :

  1. Identify the metadata which is to be shared.
  2. Open the “filename.metadata” file.

    3. .metadata file consist of following details like

    • Connection details
    • File details
    • Database details
    • Table details
    • Column details
    • Relationship details
    • Sharing details
    • Security details

    and so on…

1



3. Now, there can be various condition in which metadata has to be shared like

  • sharing with another user
  • sharing with a role
  • sharing with a profile
  • sharing with other organization

For this, an expression is to be added in the .metadata file. Open the .metadata file in the server using any editor like notepad++.  Suppose you want to hide a column from a shared metadata with other user, then expression to be written in the following way :

<access>
<expression id="1" type="conditionIf" expressionType="column" 
on="Travel.Journey_Details.Destination" accessType="deny">
            <condition>
                  ${user}.name = 'user1'  // user level sharing
            </condition>
</expression>
</access>

type : by default the value is set to “conditionIf” which means the expression in <condition> tag will either evaluate to true or false and the security will be applicable depending upon the result.



expressionType: This defines on which data you would like to apply condition. It can column or table.



accessType : it tells whether to show or hide the respective table/ column/data by setting value to “grant” or “deny”. “deny” will hide the column whereas “grant” will display the column.

${user}.name = ‘user1’ : This condition tells that users name should match with the name given which is ‘user1’.

When a user1 logs in, then on using the shared metadata the user1 will not be able to access the ‘Destination’ column. Whereas other users will get access to this column.

You can add Multiple columns in the same expression by using comma expression.

In case if you would like to restrict entire table, in expression type use “Table” and mention the table name.

4. Make the necessary changes in metadata and save the file. Please note that the metadata file can be opened in server using any editor like notepad++.



For further assistance, kindly contact us on support@helicalinsight.com or post your queries at forum.helicalinsight.com

You May Also Like

Leave a Reply

Helical Insight’s self-service capabilities is one to reckon with. It allows you to simply drag and drop columns, add filters, apply aggregate functions if required, and create reports and dashboards on the fly. For advanced users, the self-service component has ability to add javascript, HTML, HTML5, CSS, CSS3 and AJAX. These customizations allow you to create dynamic reports and dashboards. You can also add new charts inside the self-service component, add new kind of aggregate functions and customize it using our APIs.
Helical Insight’s self-service capabilities is one to reckon with. It allows you to simply drag and drop columns, add filters, apply aggregate functions if required, and create reports and dashboards on the fly. For advanced users, the self-service component has ability to add javascript, HTML, HTML5, CSS, CSS3 and AJAX. These customizations allow you to create dynamic reports and dashboards. You can also add new charts inside the self-service component, add new kind of aggregate functions and customize it using our APIs.
Helical Insight, via simple browser based interface of Canned Reporting module, also allows to create pixel perfect printer friendly document kind of reports also like Invoice, P&L Statement, Balance sheet etc.
Helical Insight, via simple browser based interface of Canned Reporting module, also allows to create pixel perfect printer friendly document kind of reports also like Invoice, P&L Statement, Balance sheet etc.
If you have a product, built on any platform like Dot Net or Java or PHP or Ruby, you can easily embed Helical Insight within it using iFrames or webservices, for quick value add through instant visualization of data.
If you have a product, built on any platform like Dot Net or Java or PHP or Ruby, you can easily embed Helical Insight within it using iFrames or webservices, for quick value add through instant visualization of data.
Being a 100% browser-based BI tool, you can connect with your database and analyse across any location and device. There is no need to download or install heavy memory-consuming developer tools – All you need is a Browser application! We are battle-tested on most of the commonly used browsers.
Being a 100% browser-based BI tool, you can connect with your database and analyse across any location and device. There is no need to download or install heavy memory-consuming developer tools – All you need is a Browser application! We are battle-tested on most of the commonly used browsers.
We have organization level security where the Superadmin can create, delete and modify roles. Dashboards and reports can be added to that organization. This ensures multitenancy.
We have organization level security where the Superadmin can create, delete and modify roles. Dashboards and reports can be added to that organization. This ensures multitenancy.
We have organization level security where the Superadmin can create, delete and modify roles. Dashboards and reports can be added to that organization. This ensures multitenancy.
We have organization level security where the Superadmin can create, delete and modify roles. Dashboards and reports can be added to that organization. This ensures multitenancy.
A first-of-its-kind Open-Source BI framework, Helical Insight is completely API-driven. This allows you to add functionalities, including but not limited to adding a new exporting type, new datasource type, core functionality expansion, new charting in adhoc etc., at any place whenever you wish, using your own in-house developers.
A first-of-its-kind Open-Source BI framework, Helical Insight is completely API-driven. This allows you to add functionalities, including but not limited to adding a new exporting type, new datasource type, core functionality expansion, new charting in adhoc etc., at any place whenever you wish, using your own in-house developers.
It handles huge volumes of data effectively. Caching, Pagination, Load-Balancing and In-Memory not only provides you with amazing experience, but also and does not burden the database server more than required. Further effective use of computing power gives best performance and complex calculations even on the big data even with smaller machines for your personal use. Filtering, Sorting, Cube Analysis, Inter Panel Communication on the dashboards all at lightning speed. Thereby, making best open-source Business Intelligence solution in the market.
It handles huge volumes of data effectively. Caching, Pagination, Load-Balancing and In-Memory not only provides you with amazing experience, but also and does not burden the database server more than required. Further effective use of computing power gives best performance and complex calculations even on the big data even with smaller machines for your personal use. Filtering, Sorting, Cube Analysis, Inter Panel Communication on the dashboards all at lightning speed. Thereby, making best open-source Business Intelligence solution in the market.
With advance NLP algorithm, business users simply ask questions like, “show me sales of last quarter”, “average monthly sales of my products”. Let the application give the power to users without knowledge of query language or underlying data architecture
With advance NLP algorithm, business users simply ask questions like, “show me sales of last quarter”, “average monthly sales of my products”. Let the application give the power to users without knowledge of query language or underlying data architecture
Our application is compatible with almost all databases, be it RDBMS, or columnar database, or even flat files like spreadsheets or csv files. You can even connect to your own custom database via JDBC connection. Further, our database connection can be switched dynamically based on logged in users or its organization or other parameters. So, all your clients can use the same reports and dashboards without worrying about any data security breech.
Our application is compatible with almost all databases, be it RDBMS, or columnar database, or even flat files like spreadsheets or csv files. You can even connect to your own custom database via JDBC connection. Further, our database connection can be switched dynamically based on logged in users or its organization or other parameters. So, all your clients can use the same reports and dashboards without worrying about any data security breech.
Our application can be installed on an in-house server where you have full control of your data and its security. Or on cloud where it is accessible to larger audience without overheads and maintenance of the servers. One solution that works for all.
Our application can be installed on an in-house server where you have full control of your data and its security. Or on cloud where it is accessible to larger audience without overheads and maintenance of the servers. One solution that works for all.
Different companies have different business processes that the existing BI tools do not encompass. Helical Insight permits you to design your own workflows and specify what functional module of BI gets triggered
Different companies have different business processes that the existing BI tools do not encompass. Helical Insight permits you to design your own workflows and specify what functional module of BI gets triggered