1 Reply Latest reply: Nov 4, 2015 2:48 PM by mikell _ RSS

    Dashboard Security Filters

    mikell _

      When I assign a Dashboard (DshX for example) to a User Group (GrpY for example), and don't assign a Dashboard Security Filter (for dashboard DshX and GrpY) when a member from GrpY logs in on the Client side and views DshX, the ListBox we use to show the Client's Name (which also feeds the Client's ID to the remainder of the dashboard) will see all of the available clients, which is an extreme nono. The way all of our dashboards are setup is to have the code for the Client ListBox select all clients and use the Data Security Filters in the Source for the Client ListBox, which get assigned in the Group rights, to allow Client Y to only see data for its company. Unless I'm missing something and we might have our setup wrong, this seems to suggest that if a Client has a Dashboard assigned, but no Data Security Filter assigned, will be able to see all clients data. And I have seen where a client had their Data Security Filter assigned only to see it disappear the next time we access the Data Security Filter area for that client.

        • Re: Dashboard Security Filters
          mikell _

          As a reply to myself, it seems that part of the problem we are observing in our DatawatchES system is redundant Data Security Filters.  When in the Rights and Privileges/User Groups, and looking at the User Group of Clients where the Data Security Filters are not working (showing all possible clients), I observe multiple Data Security Filters, of exactly the same name, in the "Available Data Security Filters" selection area. Scanning through all of the Clients, there are three that have this issue. Examining the Data Security Filter list in the Source area of the Dashboard Designer, there are no multiples. This is a really big issue because of a breach of data security.