If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Securing planning application

Started by JaromirSeps, 20 Apr 2010 06:50:04 AM

Previous topic - Next topic

JaromirSeps

Hello,

I need some advice with securing of a contributor application with sensitive data.

We are running many contributor applications with sales plans, etc., which are sensitive, but not that much. Now we should have an application with HR data, which will be highly sensitive, so I need to take more measures.

I was thinking about this and came to these areas, which need to be taken care of:

1) application folder on the windows folder with both application library and other files
- I could use standard windows server security
2) Analyst & Manager library
- could be secured using a special user class
3) Contributor application, macros and admin links
- could be secured based on special user class
(Could an administrator override these settings anyway? I think he could)
- prevent backup, deployment, etc., but could the Administrator not take these settings back?
4) Oracle Datastore
- do I have to secure the application datastore? It contains only encrypted data, so I need only to prevent backup&copy of the whole datastore??
5) Web application using user classes and watching rights assignment

Did I miss something that needs to be taken care of? Is this described in some document?

It seems to me, that administrator of a Contributor Administration Console could not be filtered out, or at least he could take the settings back?
Would there be any differences, in case we will be running this on MS SQL?

Thanks for your comments
Jaromir

aa2288

Just do not add new users to the administrator's class. Rest all security stiings you can play with as described in tghe post itself.