Restricting user access to data

The Xtraction administrator is responsible for setting up data policies to impose restrictions on user access to data. Data policies have these attributes:

One data policy can impose restrictions on one or more data sources.

You can apply one or more filters to each data source within a data policy, further restricting access to data. Any users that have the data policy applied will also automatically have all the data-policy filter conditions applied every time they request data from the data source.

You can define one data policy as the default for new user accounts. A default policy should provide basic, somewhat restricted access to data until you assign the accounts one or more user roles with a more appropriate data policy.

For user accounts that are automatically created (via the Auto Create option selected in the Xtraction Settings utility during installation), the defined default policy is applied automatically when a new user authenticates for the first time. The server creates an account and applies default roles and features also defined in the Xtraction Settings utility.

For new user accounts created via the user interface, you must actively select the default policy (as described in the procedures below).

Each user account can have one data policy imposed on it, or none at all. Generally, you'll want to impose a data policy on every user—users without a data policy have unrestricted access to all available data.

On the Data Policies tab, you can fully enforce Xtraction data-source security as defined at the user level by selecting the Enforce data source security option. Clearing this option removes all security impositions by opening all data sources for unrestricted access by designers and viewers, which is not recommended.

Once you create a set of data policies, you can then assign them to users. For details, see Setting up user accounts.

The data policy assigned to a user doesn't apply when that user accesses reports built with the Report Designer. Those reports query data sources directly, bypassing all data-policy restrictions.