Teams For Identity & Access Management
The Informer 5 Teams Framework
Informer 5 employs a Teams framework to model the needs of real world business operations and security.
The Teams model ensures:
- Shared data is current and accurate
- Data used for reporting has not been doctored
- Access to sensitive data is secured
- Users interact with and access the data based on determined security settings
- Only individuals with determined access rights can alter the query behind the data
See Data Governance & Security for more on the Teams security model.
An Informer Team is defined as a group of Users that comprise a logical business unit within an organization. Privileged access management enables Roles within a Team to be determined by one’s business role. Your organization’s logical groups and security rights for your employees easily map into Informer’s Teams and Roles. See Figure 1.
Identity access management is determined by your system administrators whereby Informer users are assigned certain access rights based on their business role and needs for data analytics. They can also be authenticated through a third-party application user database.
While individual users have access to Informer, typical identity and access management is based on groups of individuals within a department or a logical business unit within a department. These different groups have different access rights to their organization’s data. And, as members of a group, individuals typically have different functional roles that require their access rights to differ within the group.
| Role Name | Rights |
|---|---|
| Member | View anything Owned by the Team |
| Designer | All Member rights Create content from Datasets available to the Team Upload spreadsheets into new Datasets Create Reports from Datasources available to the Team |
| Data Wizard | All Designer rights Create Workspaces Create Datasets from Datasources available to the Team Edit Team-owned Datasets |
| Publisher | All Data Wizard rights Share Team-owned Datasets and Reports to other Teams |
| Admin | All Publisher rights Manage members Add a Datasource to the Team Share a Team-owned Datasource to other Teams |
Table 1: Team Roles
Some members of a department might create data content for their organization, while others simply use data analytics to build business insights. For example, the Registrar’s office within a University might have a manager of the Graduate Students Division and a manager of the Undergraduate Students Division creating content based on student data, while division members use this content to create annual reports for the University.
An important step in privileged access management is adding a Member to a Team and defining their role within the Team. Informer 5 provides comprehensive pre-defined role types for Team members. These role types define sensible access rights and map easily to your organization’s security permissions for your employees. See Table 1.
Although Teams model logical business units within an organization, users can be Members of more than one Team. From an identity and access management perspective, their role within a specific Team is determined by their business role in that Team. For example, the Manager of the Registrar’s office within the University’s Graduate Students Division may be the Administrator for the Graduate Student Team as well as being a Data Wizard for the larger Registrar’s Team.
You can also source both Users and Teams information from a third-party repository using Informer’s Plugin Architecture. For example, Teams can be retrieved for use in Informer by referencing divisions within your organizational chart and applying those Users and Teams to Informer together with the appropriate Roles.
Privilege Access Management Through Ownership
Ownership of content (Datasource, Dataset, Report, and Job) is a powerful concept in Informer 5 and reinforces quality and confidence in your organization’s content. With ownership comes specific privileges on who can modify the way Informer handles data. In this way, the content quality is preserved and holds credibility when shared with others.
All content within the system has a single Owner. Ownership can consist of an individual User or a Team. However only those with an appropriate Role within the Team owning the content can have edit capability. A typical scenario is that a User creates, modifies, and owns the content and eventually passes Ownership to the Team once finalized. When content is owned by a Team, it supports Data Governance by providing a credible single source of truth. For example, a Dataset of Financial Data that is owned by the Finance Team holds more credibility than a Dataset owned by Bob Smith from the Finance Team.
Identity Access Management with Sharing
Departments within organizations need to share content, reliably and confidently without concern for source edits. Shareable objects within Informer (Datasources, Datasets, and Reports) are shared across Teams as read-only content, regardless of a User’s role within the shared Team. Through identity access management, you can provide access to your content to members outside of your Team by explicitly choosing to Share that content and by selecting the specific Teams that are allowed access. This enables Teams to create a library of curated content while adhering to strong Data Governance.
When Sharing a Dataset, the Sharing Team selects the level of access provided to the selected Team through privilege access management:
- No Access
- Full Access
- or Custom Access via a Saved Filter. See Figure 2.
Custom Access gives only a Filtered view of the Dataset to the selected Team as rows are filtered out of the view. This is a way to also achieve row level security.
As a result, the Teams receiving the shared Dataset have full confidence in using it to build Reports or include it as part of a scheduled Job because they understand the Dataset Owning Team has full responsibility for maintaining it. For example, the Registrar’s Office in a University creates a Dataset of Student Enrollment that is then shared among different departments. These departments can now build content confidently from the Student Enrollment Dataset.
Sharing a Dataset does not include sharing associated Reports. Those must be shared explicitly.
Sharing a Report implies access to underlying Datasets for the purposes of the Report. However, the underlying Datasets are not available as source for other content and will not display as an available Dataset outside the scope of the shared Report.
Datasource Sharing
Sharing a Datasource provides Teams with query access to the Datasource as specified on an individual Team basis:
- Limited Access
- Full Access
- Custom Access
- or No Access
Selecting a level of access for the Shared Team involves choosing an access level for their:
- Data Wizard
- Publisher
- and Administrator
The available levels of privileged access management and their respective rights are detailed in Table 2.
| Role | Rights |
|---|---|
| No Access | Default – Datasource does not appear |
| Limited Access | Only the Query Designer may be used to create Datasets. No Restricted Fields |
| Full Access | Datasource can be queried without any restrictions |
| Custom Access | Only the Query Designer may be used to create Datasets. Selected Mapping Sets only (choose whether to allow Restricted Fields) |
Table 2: Datasource Access Roles providing privilege access management
Facilitate Team Interaction Through Collaboration
In typical organizations, coworkers share ideas, and iterate on projects. Through Informer 5’s comment feature within the Teams Collaboration function, Informer encourages and facilitates Team interactions associated with Informer content.
For example, Members within a Team might engage in Team discussions that include Datasources, Datasets, Reports, Jobs, content creation, gleaning business insights from Dashboards. Team members can collaborate on the relevant sales data to extract for the creation of a Dataset, discuss and iterate on fields and Visuals to hone in on to create a Dashboard, discuss business trends and course of action for their next sales quarter, etc.
Identity Access Management at the Team Homepage
Informer provides a Team Landing Page for every Team to access content and view activities relevant to them and manage Members. This enables you to view and manage:
- The list of all Members and their Roles
- The list of Datasets, Reports, and Datasources owned by the Team
- and, the list of Datasets, Reports, and Datasources shared to the Team.
The Activity feed function on the Team Landing Page helps Team members keep abreast of events that they would be interested in monitoring, and see a preview of the respective content. An Activity feed consists of comments and system events that pertain to the Team. For example:
