Data Security

Data security in Sisense can be divided into two types: data encryption and data access. Data communication relates to how Sisense secures data while it is being imported into Sisense and written to your server's disk.

When data is imported into Sisense, the protocol used depends on the protocols supported by the data source. Sisense supports importing data over SSL if the source supports it. Sisense also supports SSL for data retrieval, for example, when viewing data in dashboards.

Configuration data, such as account credentials and authorization profiles, are encrypted prior to being written to the disk. The encryption technology used by Sisense includes:

1. SHA-256

2. TripleDES

3. AES-256

For data at rest, Sisense supports OS-based disk encryption, Windows file system encryption - Transparent Data Encryption (TDE). When using Windows transparent encryption, the key pair (private/public) is bound to the user identity.

The second type of data security is data access. This type of data security refers to who can access your data after it is imported into Sisense and displayed in a dashboard.

What is Data Access Security?

Sisense enables you to define Data Security Rules that control which users can access which portions of the raw data in an ElastiCube, down to row granularity. For example:

Use Case Example

How Does Data Access Security Work?

Each ElastiCube contains tables, and each table contains fields. A Data Security Rule defines that a specific user can see the data in a row of a table only if a specific field in that row has one of the specified values.

For example, in a Sales widget a salesperson (for example, Dan) will only see the sales amounts from the rows of a Sales ElastiCube whose Salesperson field contains the value Dan (rows 1 and 4).

Sales Table

#  Salesperson  Product          Amount
1  Dan          HD-TV            $100
2  Matthew      TV               $300
3  Amber        Media Center     $700
4  Dan          Player           $200
5  Matthew      Air Conditioner  $600

Dan will not see any part of a row in the ElastiCube that does not contain the value Dan in the Salesperson field, nor will any amounts from this row be included in totals.

Note: The entire row of data is not seen by the relevant user even when the field to which the rule applies does not appear in the widget.

If a widget that shows the amount spent per product is shared with Dan, then he will only see HD-TV and Player, and the sales total will be $300.

Defining Data Access Security for an ElastiCube

Each Data Security Rule applies to a specific field in an ElastiCube and to specific user(s)/user group(s). It enables you to define the values that must be contained in a specific field to enable that entire row of data to be available to a user.

To access Data Security:

  1. Click Admin and select the ElastiCube tab in the menu.
  2. For the relevant ElastiCube, select and click Data Security.
    If no data security rules have yet been defined for this ElastiCube, then the following message is displayed:
  3. Click Add Field to display a list of the fields in this ElastiCube.

  4. Select a field. For example, Brand. The following window is then displayed in which you can define rules.
    Note: You cannot select date type fields.

    The left side of this table enables you to define which users/user groups can access this data. Click + Add Restriction and start typing into the Restricted User/Groups field to get a drop-down list.
    Add as many users/user groups as necessary.
    The right side of this window enables you to define which values the specified users/user groups are permitted to see.
    Start typing into the Values field to get a drop-down list.

Multiple values can be selected.

The value of numeric type fields must be typed into this field, as no auto-complete option appears for numeric type fields.

Alternatively, you can select:

For example, you can define that the following Users/User Groups must have the following values in the Product Category column to enable them to see their data row in a widget.

#  User/User Group  Product Category
1  Management       Everything
2  Bob              Apple Mac Desktops
3  Don              Calculators, Camera Flashes
4  Everyone else    Nothing

This means that management can see the data of all Product Categories, Don can only see the data of Calculators and Camera Flashes, Bob can only see the data of Apple Mac Desktops, and Everyone else won’t see anything.

How Does Data Level Security Work for Tables with Relationships?

Tables in an ElastiCube may have a relationship between them.

As described above, each widget shows the data of a table row only if a specific field in that row has a specific value.

In addition, a widget may further restrict the data shown to a specific user when a rule is defined for a table that has a relationship to a table that has a field in the widget.

This means that a widget only shows the data permitted by the combined Data Security Rules assigned to all the tables that have any field in the widget.

As described above, the entire data row is restricted even when the field to which the rule applies does not appear in the widget. The entire row of data is also restricted even when the field of the relationship between the two tables does not appear in the widget.
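The rule semantics described above, as an added Python model (not Sisense code or its API): rows are filtered by every rule before the widget aggregates, so totals shrink even though the widget shows neither restricted field. The Sales rows are the page's; the related Products table, the Category rule, the Manager user and the "*" key for "everyone else" are constructed assumptions.

```python
# Illustrative model of the row-level rules described on this page.
EVERYTHING, NOTHING = "Everything", "Nothing"

# Sales table from the page.
SALES = [
    {"#": 1, "Salesperson": "Dan", "Product": "HD-TV", "Amount": 100},
    {"#": 2, "Salesperson": "Matthew", "Product": "TV", "Amount": 300},
    {"#": 3, "Salesperson": "Amber", "Product": "Media Center", "Amount": 700},
    {"#": 4, "Salesperson": "Dan", "Product": "Player", "Amount": 200},
    {"#": 5, "Salesperson": "Matthew", "Product": "Air Conditioner", "Amount": 600},
]
# Constructed related table (not on the page), joined to Sales on Product.
PRODUCTS = {"HD-TV": "Video", "TV": "Video", "Media Center": "Video",
            "Player": "Audio", "Air Conditioner": "Climate"}

# Rules: field -> {user or "*": set of allowed values | EVERYTHING | NOTHING}.
# "*" stands for the "Everyone else" row; all entries except Dan are constructed.
RULES = {
    "Salesperson": {"Dan": {"Dan"}, "Manager": EVERYTHING, "*": NOTHING},
    "Category": {"Dan": {"Video"}, "Manager": EVERYTHING, "*": NOTHING},
}

def allowed(user, field, value, rules):
    """True if the rule on `field` lets `user` see a row holding `value`."""
    if field not in rules:
        return True  # no rule defined for this field: unrestricted
    grant = rules[field].get(user, rules[field].get("*", NOTHING))
    if grant in (EVERYTHING, NOTHING):
        return grant == EVERYTHING
    return value in grant

def visible_rows(user, rules):
    """Join Sales to Products, then drop every row that any rule forbids."""
    joined = [dict(r, Category=PRODUCTS[r["Product"]]) for r in SALES]
    return [r for r in joined
            if all(allowed(user, f, r[f], rules) for f in rules)]

def amount_per_product(user, rules):
    """Widget with only Product and Amount; the restricted fields are absent."""
    totals = {}
    for r in visible_rows(user, rules):
        totals[r["Product"]] = totals.get(r["Product"], 0) + r["Amount"]
    return totals
```

With only the Salesperson rule Dan's widget totals 300, as in the page's example; adding the rule on the related table removes Player as well.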

Use Case Example – Expanding Upon the Example Above