Description
Signals Data Factory includes a feature named Advanced Security, which is used to control which Measurement Types and Attributes that groups and its members can access, at the row level of table data. The AND logic, as compared to OR, may give unexpected results, until the detail is understood. It is important to manage the Advanced Security settings for ALL groups of which a logged in user is a member.
Solution
The Advanced Security configuration page color-codes the cells based on the current settings - Green, Red, and Blue.
If a user belongs to several Signals groups in SNConfig, and a measurement type is not restricted, then the user can access it. But then if one of the groups is configured to grant access to a measurement type, then the user loses access to that measurement type until ALL groups get defined access to that measurement type.
Note that Signals Project level security must grant access to the data, as well as this Advanced Security.
The following path to the Advanced Security page of the Signals Configuration Help describes the expected behavior in detail.
https://<tenant>/docs/help/Signals%20AG/Content/Configuration/Integrations%20with%20SNB/SaaS/Appendix%20Data%20Factory%20(Legacy)/Advanced%20Security.htm
Paste of a snippet from the above Help page: Currently the Security Policies for Inventa Access apply an “AND” logic across all user groups, restricting access if any groups lack permissions. Therefore, all groups the user is part of must have access for the user to have access to the entity or measurement. Note this is currently different than how the Security Policy works generically in Signals One and will be fixed in a future release.
Comments
0 comments
Article is closed for comments.