The look and feel of both dashboards are similar, but the security classification of the data is different. For example, you can have two dashboards for analyzing sales results data. In a BI application, different assets are usually categorized according to business domains (such as an operational dashboard or executive summary dashboard) and data classification (critical, highly confidential, internal only, and public). Let’s discuss some use cases of asset access permissions in detail. Within each tenant, the BI admin team has to create different user groups to control the data authorization, including asset access permissions and granular-level data access. Each user, who can see all other users belonging to the same tenant (for example, when sharing content), remains invisible to other tenants. In a multi-tenancy design, each tenant shares the dashboards, analyses, and other QuickSight assets.
#POWERREADER CD VIEWER SOFTWARE#
Tenants could either be different customers of an independent software vendor (ISV), or different departments of an enterprise. In enterprise BI application design, multi-tenancy is a common use case, which serves multiple sets of users with one infrastructure. This AWS CDK CI/CD design bridges the gaps between development and operation activities by enforcing automation in building and deploying BI applications. At the same time, BI administrators can edit another set of parameters to manage users or groups. BI developers can edit configuration parameters to release new dashboards to end-users. This avoids possible human errors made by BI developers or administrators. The AWS CDK application template fits into the continuous integration and continuous deployment (CI/CD) infrastructure and grants or revokes all authentications and authorizations based on a defined policy prescribed by AWS. You can reference AWS Systems Manager parameters in your scripts and configuration and automation workflows by using the unique name that you specified when you created the parameter. You can store data such as user name, user permissions, passwords, and database strings as parameter values. Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. One of the advantages of our solution is enterprises can deploy the security framework to administer access control of their BI without leaving AWS.Īll configurations are saved in the AWS Systems Manager Parameter Store. This post describes the best practices for QuickSight authentication and authorization granular access control, and provides a centralized cloud application with an AWS Cloud Development Kit (AWS CDK) stack to download. We have received a large number of requests to provide an advanced programmable approach to deploy and manage a centralized QuickSight security architecture. However, in specific cases, an enterprise can easily have hundreds or thousands of users and groups, and these access management methods aren’t efficient. For a straightforward solution to manage Amazon QuickSight user and asset access permissions, you can use the AWS Command Line Interface (AWS CLI) or AWS Management Console to manually edit QuickSight user role and dashboard access. Such architecture should provide BI administrators and architects with the capability to minimize the amount of information accessible to users. A large business intelligence (BI) project with many users and teams and sensitive information demands a multi-faceted security architecture.
0 kommentar(er)
