Security Planning

Now, if you are just doing a trial and want to jump right into building some reports and dashboards, you can skip over this section and go right to the Report Building one.

But here’s the caveat: you’ll have to edit all those reports later to apply proper security. Not a huge deal, but we always try to keep things simple, and a little security planning up front can save you time later.

In this section, we’re going to give you the basics of planning and configuring security in Yurbi and provide you with an example of a simple setup and of a department or multi-tenant security model.

Yurbi was designed to be a very secure application. If we are going to make accessing your data easier, we have to make sure it is protected. We also designed security to be there if you need it, but out of sight if you just need a simple, small-team BI solution.

Yurbi has 4 levels of security built in.

Authentication

Yurbi has the concept of secured users, those with a login and password to log into Yurbi, and non-secured users. We refer to non-secured users as Guest Viewers, and while they can’t log into Yurbi, they are able to view any report to which you have assigned a Public View license.

Any user who needs to receive a scheduled report, build reports, or do administration by default has to be a secured user.

The key differences between a secured view-only user (we call them Agents) and a non-secured Guest Viewer are:

  • Secured viewers can receive and manage scheduled email reports; Guest Viewers cannot.
  • Secured viewers can save Dashboard preferences so each time they view a Dashboard, it’s configured exactly the way they want. Guest Viewers are anonymous, so they cannot.
  • Secured viewers can have dynamic data-level security applied, so while they can view a report and dashboard, each user will see only what they should. Guest Viewers see the report exactly the way it is designed, with no dynamic security based on who they are (because they are anonymous).
  • Secured viewers are monitored, and the Yurbi audit logs can tell you exactly what secured users are doing: what reports they run, what data they export, and more. Guest Viewers are anonymous, so we know a report was run, but we can’t tell you by whom.

Most of your users will most likely be secured users; however, Guest Viewers are perfect when you want to share common data with a large audience or when you want to share a quick report with someone and security is not critical.

Access

Just because you give a user an account doesn’t mean they can do anything in Yurbi. The second level of security is access control.

You have to explicitly give each user permission to communicate with one of your Yurbi Apps. If a user doesn’t have access to a Yurbi App, they can’t see any reports generated from that Yurbi App or build any reports from that Yurbi App.

Plus, since Yurbi is the only thing that talks directly to your data sources, once you grant someone access to a data source, you can just as easily take it away with a single mouse click (plus one more mouse click to hit save).

Role-Based

Yurbi has 2 levels of role-based security.

First, once you give someone access to a Yurbi App, you control what role they are granted. Those are:

  • Agent – These are view-only users, so they will only be able to run, schedule, and export data from the data source.
  • Builder – This role can build new datasets and visualizations from scratch, or edit existing reports (that you give them permission to).
  • Architect – This user has access to the raw database tables and fields and can create or modify Yurbi Apps.

The second level of role-based security applies to Folder and Report-level security. Those are:

  • View – Users have read-only access to a folder or report.
  • Modify – Users have the ability to edit a report or, if applied to a folder, they can create a subfolder or save new reports inside a folder.
  • Delete – Users have the ability to delete folders and delete reports.

Data-Level

The 4th level of security in Yurbi is data-level. This allows each user to see only the data they are allowed to see. For example, managers have the ability to see company-wide information in a dashboard, whereas the manager of a department may only see department-level data.

Once data-level security is configured, users are able to view the same set of dashboards and reports and have the data dynamically limited to their need to know.
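
The four levels above can be written down as a small planning model to sanity-check a proposed security design before configuring it. This is an added example, not Yurbi code or its API: the class names, the `HelpDesk` app, the `Ops` folder, and the assumption that roles are cumulative are all illustrative.

```python
from dataclasses import dataclass, field
from typing import Optional

# Planning model only: every name and structure here is an assumption,
# not Yurbi's API. Roles are assumed cumulative (Architect >= Builder >= Agent).
ROLE_RANK = {"Agent": 1, "Builder": 2, "Architect": 3}
NEEDS = {"view": ("Agent", "View"), "edit": ("Builder", "Modify")}

@dataclass
class User:
    name: str
    secured: bool = True                              # False = anonymous Guest Viewer
    app_roles: dict = field(default_factory=dict)     # Yurbi App -> role
    folder_perms: dict = field(default_factory=dict)  # folder -> {"View", ...}
    dept: Optional[str] = None                        # None = no data-level filter

@dataclass
class Report:
    app: str
    folder: str
    public_view: bool = False

def decide(user, action, report):
    """Return (allowed, layer); layer names the level that denied the request."""
    if not user.secured:                              # level 1: authentication
        ok = action == "view" and report.public_view
        return (ok, None if ok else "authentication")
    role = user.app_roles.get(report.app)
    if role is None:                                  # level 2: app access
        return (False, "access")
    min_role, perm = NEEDS[action]
    if ROLE_RANK[role] < ROLE_RANK[min_role]:         # level 3a: app role
        return (False, "role")
    if perm not in user.folder_perms.get(report.folder, set()):  # level 3b: folder/report
        return (False, "folder")
    return (True, None)

def visible_rows(user, rows):
    """Level 4: a secured user with a department scope sees only matching rows."""
    if not user.secured or user.dept is None:
        return rows                                   # report exactly as designed
    return [r for r in rows if r["dept"] == user.dept]

# Constructed sample plan (not real data)
ROWS = [{"dept": "Sales", "total": 10}, {"dept": "IT", "total": 7}]
REPORT = Report(app="HelpDesk", folder="Ops")
ceo = User("ceo", app_roles={"HelpDesk": "Agent"}, folder_perms={"Ops": {"View"}})
it_mgr = User("it_mgr", app_roles={"HelpDesk": "Builder"},
              folder_perms={"Ops": {"View", "Modify"}}, dept="IT")
guest = User("guest", secured=False)
```

Because `decide` reports which level denied a request, running it over every planned user and report shows whether a gap comes from a missing app grant, a role that is too low, or a folder permission that was never assigned.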

Planning

In the video below, we outline the above information and also discuss how to approach the planning of user authentication and access, folder and report security groups, and data-level security.

After you watch this video, the next sections will show you specific security configurations for simple environments and department/multi-tenant environments.
