Sisense Security Overview

Sisense Security Architecture

Sisense is built around a robust and flexible security architecture that is both comprehensive and intuitive. This architecture has been designed to ensure security processes are enforced while scaling to enterprise deployments of Sisense. This includes the ability to secure dashboards and data as well as implement custom security requirements that suit your organization. This section provides a general overview of the main security features.

Security is based around three levels associated with sets of security features. The diagram below maps this security architecture on a system, data and object level.

System Level Security

System-level security encompasses security features for role-based settings and integration options. This includes user and server management, connection to an active directory, Single Sign-On (SSO) implementation, and use of the security REST API.

User Management

You can assign five primary roles to Sisense users:

These roles can be defined on either a user or group level to determine sharing, access and security. To learn more about user roles, click here.

ElastiCube Server Access Rights

You can assign access rights to different ElastiCube servers for individual users, groups or to everyone. These settings allow the management of different environments such as a testing and production server, or servers for specific projects or departments. See also ElastiCube Server and ElastiCube Security.

Note: Following improvements to ElastiCube security in Sisense V7.0 and later, ElastiCubes created prior to Sisense V7.0 are accessible to everyone by default, unless you have defined the ElastiCube's access rights. For ElastiCubes created after Sisense V7.0, the default access is only for the ElastiCube owner. When the ElastiCube is ready, it should be shared with the relevant people, or with "Everyone" if that is the desired access policy.

Active Directory

Connect existing users and groups from your organization’s Active Directory to define security and sharing properties and reduce deployment time. This removes ‘password fatigue’ as users can rely on existing credentials while organizational policies around security credentials such as updates can be enforced. See also Integrating Active Directory.

Single Sign-On (SSO)

SSO facilitates seamless integration between Sisense and other systems in your organization while offering standardization of authentication policies across your organization. This can improve user productivity by avoiding password fatigue and reduce support overhead. See also Configuring SSO.

REST API

The Security REST API provide access to parameters to integrate and automate restrictions and access control based on existing settings and standards. Specify access rights and security to dashboards, ElastiCubes and data. Manage users via the API to create, edit and assign new users or groups. Click here to visit the API documentation site.

Object Level Security

Object security defines access rights for different users and groups to various components within Sisense. The two main objects are dashboards and ElastiCubes.

Dashboards

You can share dashboards on either a user or group level. The sharing options include the configuration of access rights for all users as well as whether users defined as designers may edit the dashboard. The sharing options also include subscription settings that define which users and groups will receive email reports. See also Sharing Dashboards.

ElastiCubes

You can define access rights to different ElastiCubes on a user or group level. This enables flexibility to create ElastiCubes for specific user or group needs while offering strict access control. See also Sharing ElastiCubes.

Data Level Security

Data access must provide data to people only to the extent that they need to complete their jobs. Data Level Security provides the necessary control to enforce varying degrees of data visibility and access to support the separation of duties. A single dashboard can be shared with many users, but each viewer sees only data relevant to their needs. This reduces both development time and provides for security.

Security on the Row Level

You can grant user and group permissions to specific rows in the data. For each ElastiCube, you can apply multiple rules to enforce granular access control.

Row Level Defaults

Control which data is accessible for users or groups that do not have explicit security rules. For example, enable new employees to access a restricted data set until they are added to relevant groups. You can set defaults to include everything, nothing or view based on a security rule.

See more in Data Security below.

Security Levels

Sisense provides two levels of security:

ElastiCube Security

What is ElastiCube Security?

Sisense enables you to define access rights to control which users can access which ElastiCubes, whether they are creating new dashboards or trying to access shared dashboards.

ElastiCube Security – Use Case Example

You may have an ElastiCube named Marketing and only want the CEO and Marketing team to have access to it. You can grant rights only to them using ElastiCube Security, thus denying anyone else access.

How Does ElastiCube Security Work?