  • Spotfire Statistica® Roles Based Security


    You can stop reading if you don't own Spotfire Statistica® Server (old product name) or Spotfire Statistica® Operations. This article discusses an application that is only available with these products. 

    Use the Statistica Enterprise Manager application to maintain users and groups for roles based security. 

    Creating and Updating Users and Groups

    There are two types of users:

    • Local users
    • Imported Windows domain users

    Local users exist only within the product. To create a new user, click the New User button. The image below shows local users named Admin, Bob, System and Venu. The image also shows an imported domain user (domain\user-name). 

    The lowest-maintenance method for IT is to create domain groups that align with the work teams, then create groups within Statistica Enterprise Manager that are linked to those domain groups. A job is then scheduled on Statistica Server to run once a day, once an hour, or every 15 minutes, depending on how frequently domains are updated, to keep the domain and the application synchronized.

    This allows IT to update domain groups which are reflected within Statistica after the scheduled job runs. 

    [Image: domain_group_association.png]

    Configuring Groups to Manage Permissions

    Depending on the level of control needed (for example, when raw data contains personal identifying information, trade secrets, new development, or the company's secret sauce), you should consider structuring groups into two security levels. This separates the question of "who needs to use the tool" from "who gets access to the analytic results", and lets the application's users feel comfortable that they are taking the correct security measures. 

    • System level groups define what applications or areas of the system their users can access. These groups have permissions. In the picture above, checkboxes will be selected in Group Permissions. Names for System level groups might be: 
      • Administrators
      • Database Connection Admin
      • Enterprise Analysis Admin
      • Everyone
      • Statistica
      • Web
    • Object level groups grant users edit and read (execute) permission to configurations (analytic workflow). In the picture above, no checkboxes will be selected in Group Permissions. These groups only exist to give access to objects (workspace, data connection (SQL), database connection) inside of Statistica Enterprise Manager. These groups could be named:
      • Data Scientists NY
      • Project Secret
      • Team North

    Here is a concrete example to better understand the guidance above. 

    There are three departments that need to use Statistica for ad-hoc analysis and to create workspaces (analytic projects). IT would create: 

    • Windows Domain Group: Statistica-Users 
    • Statistica Enterprise Manager Group: Has permission USR and is set to sync to Statistica-Users

    IT just needs to update Statistica-Users in the domain to add or remove users from using Statistica. 

    Management decides to start "project secret" and all the analytic results need to be limited to just this group. The project's team members are being assigned from various parts in the company. IT would:

    • add people to the domain group Statistica-Users - grants access to the tool
    • create a new Windows Domain Group named Statistica-Project-Secret and add the team members
    • create new Statistica Enterprise Manager Group named Project Secret without any system permissions and sync to Statistica-Project-Secret domain group
    • team members would be instructed to use Statistica-Project-Secret on their objects. When they create a new analytic workflow, they add Statistica-Project-Secret as having read (execute) permissions
    • the other issue to think through is who gets edit permissions to modify the analytic project - sometimes groups will be created like Statistica-Project-Secret-Editor

    [Image: object_permissions.png]
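
    An audit of the two-level model from the example above, added here as an illustration (it is not Statistica code and does not use an Enterprise Manager API). The inventory dictionaries, their layout, the user names and the object names are constructed; the Enterprise Manager group called Statistica stands in for the USR group synced to Statistica-Users.

```python
# Constructed inventory (hypothetical layout, not a Statistica export format).
DOMAIN_GROUPS = {
    "Statistica-Users": {"alice", "bob", "carol"},
    "Statistica-Project-Secret": {"bob", "dave"},  # dave never added to Statistica-Users
}
EM_GROUPS = {  # Enterprise Manager group -> system permissions, synced domain group
    "Statistica": {"permissions": {"USR"}, "sync": "Statistica-Users"},
    "Project Secret": {"permissions": set(), "sync": "Statistica-Project-Secret"},
}
OBJECTS = {  # object -> Enterprise Manager groups with read (execute) / edit permission
    "secret-forecast workspace": {"read": {"Project Secret"}, "edit": {"Project Secret"}},
    "secret-sql data connection": {"read": {"Project Secret", "Statistica"}, "edit": set()},
}


def members(group):
    """Members an Enterprise Manager group receives from its synced domain group."""
    return DOMAIN_GROUPS.get(EM_GROUPS[group]["sync"], set())


def audit():
    """Return findings where the inventory departs from the two-level model."""
    findings = []
    # Everyone who holds USR through some system level group can use the tool.
    tool_users = set()
    for name, group in EM_GROUPS.items():
        if "USR" in group["permissions"]:
            tool_users |= members(name)
    # A system level group on an object opens it to every member of that group.
    for obj, acl in sorted(OBJECTS.items()):
        for name in sorted(acl["read"] | acl["edit"]):
            if EM_GROUPS[name]["permissions"]:
                findings.append(("system-group-on-object", obj, name))
    # Object level group members also need tool access through a USR group.
    for name, group in sorted(EM_GROUPS.items()):
        if not group["permissions"]:
            for user in sorted(members(name) - tool_users):
                findings.append(("no-tool-access", name, user))
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```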

    Licensing Compliance

    Spotfire Statistica® - Author is sold per named user. Or you may own older Statistica licensing that was sold per named user. 

    Spotfire Statistica® - Operations is sold per processor. Or you may own older Statistica licensing that was sold per processor. 

    When creating users and groups in the Statistica Enterprise Manager application, keep licensing compliance in mind: if the user or group only contains the following permissions, they will not count as a named user for Spotfire Statistica® - Author. These permissions are for configuring and administering the product.

    • Database Admin (EXTDB_ADM). Required to create or edit Database Connections.
    • Folder Admin (FADM). Allows users to manage system folders (create new, rename, delete) without having full Administrator permissions.
    • System Admin (SADM). The system "super-user," which enables the user to review/edit/delete any system configuration and is a super set of all of the other system permissions.
    • User Admin (UADM). Necessary to manage system Users and Groups.

    The permissions below are used to grant users the ability to log into WebStatistica. This component is shipped with Spotfire Statistica® - Operations or Spotfire Statistica® Server which is sold per processor. If the user or group only contains the following permissions they will not count as a named user. 

    • Web User (WUSR). Necessary to use the system via a Web browser.
    • Web Viewer (WVWR). Necessary to review reports via the Statistica Enterprise Server Knowledge Portal.
