Sisense Security Architecture
Applicable to Sisense on Linux and Microsoft Windows
Sisense is built around a robust and flexible security architecture that is both comprehensive and intuitive. This architecture has been designed to ensure security processes are enforced while scaling to enterprise deployments of Sisense. This includes the ability to secure dashboards and data as well as implement custom security requirements that suit your organization. This section provides a general overview of the main security features.
Security is based around three levels associated with sets of security features. The diagram below maps this security architecture on a system, data and object level.
System Level Security
System-level security encompasses security features for role-based settings and integration options. This includes user and server management, connection to an active directory, Single Sign-On (SSO) implementation, and use of the security REST API.
You can assign five primary roles to Sisense users:
- Data Admin
- Data Designer
These roles can be defined on either a user or group level to determine sharing, access and security. To learn more about user roles, Sisense User Roles.
ElastiCube Server Access Rights
You can assign access rights to different ElastiCube servers for individual users, groups or to everyone. These settings allow the management of different environments such as a testing and production server, or servers for specific projects or departments. See also ElastiCube Server and Data Model Security.
Note: Following improvements to ElastiCube security in Sisense V7.0 and later, ElastiCubes created prior to Sisense V7.0 are accessible to everyone by default, unless you have defined the ElastiCube's access rights. For ElastiCubes created after Sisense V7.0, the default access is only for the ElastiCube owner. When the ElastiCube is ready, it should be shared with the relevant people, or with "Everyone" if that is the desired access policy.
Connect existing users and groups from your organization’s Active Directory to define security and sharing properties and reduce deployment time. This removes ‘password fatigue’ as users can rely on existing credentials while organizational policies around security credentials such as updates can be enforced. See also Integrating Active Directory.
Single Sign-On (SSO)
SSO facilitates seamless integration between Sisense and other systems in your organization while offering standardization of authentication policies across your organization. This can improve user productivity by avoiding password fatigue and reduce support overhead. See also Introduction to SSO.
The Security REST API provide access to parameters to integrate and automate restrictions and access control based on existing settings and standards. Specify access rights and security to dashboards, data models and data. Manage users via the API to create, edit and assign new users or groups. Visit the API documentation site.
Object Level Security
Object security defines access rights for different users and groups to various components within Sisense. The two main objects are dashboards and data models.
You can share dashboards on either a user or group level. The sharing options include the configuration of access rights for all users as well as whether users defined as designers may edit the dashboard. The sharing options also include subscription settings that define which users and groups will receive email reports. See also Sharing Dashboards.
You can define access rights to different Data Models on a user or group level. This enables flexibility to create models for specific user or group needs while offering strict access control. See also Sharing ElastiCube Models.
Data access must provide data to people only to the extent that they need to complete their jobs. Data Level Security provides the necessary control to enforce varying degrees of data visibility and access to support the separation of duties. A single dashboard can be shared with many users, but each viewer sees only data relevant to their needs. This reduces both development time and provides for security.
Security on the Row Level
You can grant user and group permissions to specific rows in the data. For each data model, you can apply multiple rules to enforce granular access control.
Row Level Defaults
Control which data is accessible for users or groups that don't have explicit security rules. For example, enable new employees to access a restricted data set until they are added to relevant groups. You can set defaults to include everything, nothing or view based on a security rule.
See more in Data Security below.
Sisense provides two levels of security:
What is Data Model Security?
Sisense enables you to define access rights to control which users can access which models, whether they're creating new dashboards or trying to access shared dashboards.
Data Model Security – Use Case Example
You may have an data model named Marketing and only want the CEO and Marketing team to have access to it. You can grant rights only to them using Data Model Security, thus denying anyone else access.
How Does Data Model Security Work?
- You can define which users/user groups have access to a data model.
- By default, only the data model's creator, Administrator and Data Administrator can access a data model. Once you start assigning users/user groups access rights to a data model, then those users/user groups will have access to the model. The type of access is determined their role and what access you assign to the user.
- When a user attempts to access a dashboard using a direct link and that dashboard is based on a data model to which that user doesn't have access rights, a security message is displayed.