- Who should get access to what?
- Can those pofiles be grouped into standard profiles?
My suggestion is to start with group profiling before doing any individual profiling. Also, there are some decisions to be made are around what should the profiles be able to do to the information -- specifically insert/update. Usually, if BI is running against a data warehouse, it is read-only, with some minor exceptions.
As for access to data, except for highly sensitive items like salary (which has highly restrictive access), and unless there is significant downside to an employee having read access to the information, it would usually be granted at the database level. I've seen many redundant and inefficient architectures that divided up data across boxes, just because of the security issue when, in fact, security can be granted at table, view, row and column level. Therefore, even in the largest of BI implementations, only a handful of profiles ever need to be created. It is a problem, but someone(s), namely in IT, will need have access to all information. There is some atest software, however, that has a fix to this where the data is encrypted, even to IT administrators. As for timing, I like to make sure the users are trained before granting access. This forces necessary rigor and saves the build team a lot of headaches later.
More business intelligence security resources
- Universal data availability in the enterprise
- Information security: A strategic approach
Dig Deeper on Business intelligence software
Related Q&A from William McKnight
There are loads of business intelligence tools out there on the market today. Our business intelligence expert provides some valuable resources for ... Continue Reading
Should operational reporting come out of a data warehouse? Get an expert's take, plus learn about the relationship between operational systems, ... Continue Reading
Find out how you can learn business intelligence (BI), get business intelligence training and discover why analytics is the key to marketing efforts ... Continue Reading