Visual KPI conforms to our customers’ security model and/or requirements without any work on their (or our) part. Using standard Microsoft Active Directory and/or local Server Groups and Users, Visual KPI just “inherits” the requirements from the host environment at the customer site.
Visual KPI is Based on Your Security Model
Here are some basic facts about almost every customer environment:
- They each have their own security requirements.
- None of them look the same, and some of them are incredibly sophisticated (even crazy at times).
- They, and only they, really understand who should have access to what applications or data.
- This information is usually kept in a directory and most often it is Active Directory.
Visual KPI requires NO additional user database and NO additional rights assignment functionality beyond that which is built into the Windows Server operating system. We simply “assign” one or more of your user groups to the virtual directories that govern each of our components.
How Visual KPI Security Integrates with Your Security Model
Visual KPI is an enterprise-class software application and, of course. needs to know who in your organization is allowed to create, modify, delete and view the various KPI, scorecards, and trends (among other things). This is critical, because so is the data we deliver.
By designing Visual KPI as a Web server-based application, and specifically using Internet Information Server (IIS) as the platform, we get to leverage the existing authentication and rights-assignment subsystem within the platform, including the directory and all related security policies.
Because Visual KPI component parts all run as part of a virtual directory structure in IIS, each virtual directory has a set of permissions that govern which users may see or execute functions contained and managed by the virtual directory. Since each of our feature sets (Visual KPI websites, Visual KPI Designer, Visual KPI Interfaces) have unique virtual directories, Visual KPI has complete flexibility and access to the power of Active Directory as our NATIVE user authentication and rights assignment engine.
No one gets access to our system until the customer’s existing environment says its ok.
How You Manage Security with Visual KPI
The Visual KPI Server runs under the context of a website in IIS. When you install the Visual KPI Server, it automatically creates the main Transpara website that includes the Visual KPI website and Visual KPI’s virtual directories. You then install any Visual KPI Interfaces that you want to run, either on the Visual KPI Server or another machine.
You’ll then determine who needs access to Visual KPI websites and the Visual KPI Designer and use IIS and the Visual KPI Server Manager to set permissions.
- To Limit who can view your KPI data, you’ll set up permissions for your Visual KPI websites.
- To limit who can modify your KPI configurations, you’ll set up permissions for the Visual KPI Designer.
Multiple Visual KPI Websites with Object-level Security
You can implement a specific security scheme, one that includes multiple Visual KPI websites and uses Active Directory (AD) security or any other form of standard security used on an application server. You have complete control over who sees what.
Object-level security refers to who sees any of the various “objects” in Visual KPI. For example, you may want users may view only certain Groups, KPIs. Trends, Charts or Tables. You can restrict the visibility of these objects by creating several Visual KPI websites or by setting permissions and object-level security to allow access to your user groups based on what they need to see.
So, you see, from the top to the bottom, security of your Visual KPI Server, Visual KPI Designer, and Visual KPI websites, right down to website objects, is determined by your organization’s security model.