Visual KPI supports the use of multiple sites for security, allowing you to have a finer level of control over who will have what type of access to your various KPI data.
If you have only a single set of users who all need the same access to all of your KPI data, then implementing Active Directory security on your Visual KPI site is easy enough.
But, what if you have multiple user groups, each of which needs access to different sets of KPI data, and/or different levels of access, such as read-only as opposed to edit? How can you assign different levels of access to each of the different user groups?
Well, you can’t if you only have a single Visual KPI site. You may want to consider having multiple sites for security reasons.
The following is an example implementation of Active Directory security using multiple Visual KPI sites.
ACME Manufacturing Example
Let’s look at an example where multiple Visual KPI sites would be required to implement Active Directory security.
ACME Manufacturing has two plants, each of which has its own set of KPIs. ACME wants to have multiple levels of access to KPI data, based on an employee’s job title. Some users will only need to view the KPI data on the website, while others will need to use Visual KPI Designer to edit the KPI configuration data. Additionally, ACME wants to limit KPI visibility based on an employee’s location.
The following table shows the different groups of ACME users, listed across the top row. In the first column is the list of required access levels, broken down by location.
Plant 1 Mgr
Plant 1 Supv
Plant 1 Tech
Plant 2 Mgr
Plant 2 Supv
Plant 2 Tech
Plant 1 Web Site
Plant 1 Web Editor
Plant 1 Web Service
Plant 2 Web Site
Plant 2 Web Editor
Plant 2 Web Service
ACME will need six Active Directory User Groups:
- One for each site (Plant 1 website, Plant 2 website)
- One for each plant for editing the KPI configuration data (Plant 1 VKPI Edit, Plant 2 VKPI Edit)
- One for the Visual KPI Admins
- One for the Corporate Executives
ACME’s Active Directory User Group membership would look like this:
|AD Group name||User Name|
|Plant 1 Web Site||Charlie, Dave, Ed|
|Plant 1 VKPI Edit||Dave|
|Plant 2 Web Site||Frank, George, Harry|
|Plant 2 VKPI Edit||George|
The Read & Execute permissions would be assigned to the Virtual Directories as follows:
|Virtual Directory Name||AD Group Name|
|Plant1WebSite||Plant 1 Web Site, VKPI Admins, Corp Execs|
|Plant1WebEditor||Plant 1 VKPI Edit, VKPI Admins|
|Plant1WebService||Plant 1 VKPI Edit, VKPI Admins|
|Plant2WebSite||Plant 2 Web Site, VKPI Admins, Corp Execs|
|Plant2WebEditor||Plant 2 VKPI Edit, VKPI Admins|
|Plant2WebService||Plant 2 VKPI Edit, VKPI Admins|
ACME will need to create a separate Visual KPI database for each of the Visual KPI sites. By organizing its data to reflect its sites and users, ACME will have a secure Visual KPI system running on multiple sites. Only those users who have been given explicit permissions can access ACME’s Visual KPI data.
Enable security for Visual KPI, including an overview of all steps.