The details of security settings in end user BI applications will likely vary greatly depending on the specific software that you are using. However, the basic concepts of managing the security and the design of the security structures will probably mirror other common security settings.
Users will be created and will be assigned specific roles. Each role allows for different functions within the application. Each user will be assigned to a group. Each group has specific access permissions. When your developers build dashboards, they will be published for specific groups and for specific individuals. All of these security settings can be managed directly in the BI software.
Before jumping into the design of your new business intelligence security settings you should consider what other types of security management tools that your organization currently uses. Your BI software may offer you the opportunity to manage your security via your current Active Directory structure. Choosing this option has some initial negatives, but some long-term advantages.
- Your folder structure in your Active Directory will need to mirror your folder structure in your BI software.
- New users will have to be grouped in AD, just as they would otherwise need to be grouped in your BI software.
- A lot of communication between developers, analysts, and network admins will be necessary to determine the proper group assignment for individuals.
- Setting up AD security will be just as, if not more, time consuming as setting up BI software security.
- Employee turnover maintenance is simplified. When an employee leaves the company the network admin will simply disable the AD account (which is necessary even without the BI solution) and you will not have to disable the individual user in your BI solution.
- New employees can easily adopt the security settings of old employees. When an employee is replaced there is no need to re-create the entire security settings. When you use AD security you can simply copy the security profile of the old employee and assign it to the new hire.
- AD security offers a more extensible solution. Managing a dozen or so users in your BI software security may be simple, but when the user base grows to include hundreds of users AD security will be better equipped to define a user and his or her access levels.
For me, I feel that the long-term positives outweigh the short-term negatives when considering integrating your BI security with your AD security. The important thing to remember is that once you decide how to handle your BI security, the design will be very difficult to undo. Carefully thinking through the implications of your decision now will save you a lot of time and effort in the future.