Multi-tenant security?

(6 posts) (3 voices)

Tags:

  1. -nth-, Member

    I realize that reports/data can be kept separate using users & groups, but I'm wondering if mydbr has considered adding an optional "organization" level (often called multi-tenancy)? Meaning users are within groups and groups are within organizations. With this feature enabled, it would add an additional security token to the login process: organization name. The user would then need to know organization name, username and password to login.

    -nth-

  2. myDBR Team, Key Master

    Hi,
    what would you like to do with the organization info / what additional security would this provide to you?

    When user logs into myDBR, in case of larger installations, myDBR gains user's groups through myDBR itself, through Active Directory or though another Single-Sign On method. Reports can be assigned to these groups and the content of the report can be based on data derived from user's data.

    --
    myDBR Team

  3. -nth-, Member

    I think there would be a couple things adding an organization level could accomplish:

    1. Provide additional security. Having the additional organization security token for login makes it all the more difficult to hack.
    2. Provide additional customization. This would allow notifications and permissions to be customized at an "organization" level as well as a group and user level.
    3. Ease administration for more complex installations. For example, let's say I want to create a notification to all groups for a client named "CompanyA". As I understand it, currently I'd need to go into each of the individual groups and set the notification, but with an organization level, I could set it at the "CompanyA" level and it would be propagated to all groups within that organization. I imagine that setting certain permissions or viewing usage statistics could be made easier with this too.

    I hope that make sense.
    -nth-

    P.S. I'm providing this suggestion from a purely theoretical standpoint as I'm still in the process of installing and learning mydbr ( I may find what I'm suggesting is already within the capabilities of mydbr). In reviewing the documentation, though, it just looks like it could be a feature that makes a great product even better!

  4. myDBR Team, Key Master

    Hi,
    having a organization name in login screen would not really make the login more secure since organization name is usually not that hard to find out for individual users. If you wish to increase the security, you could look into using secure connections, limiting the access to the server and using tighter password rules which myDBR supports.

    For customization, once user is logged in, you can usually determine users organizational status by looking into user's groups or connecting user's credentials into existing data in database. Since all myDBR content (reports) are dynamic, based on access rights, different reports can be shown for different organizations.

    As for notifications, if you need to show different notifications to different groups, use the dashboard instead of notifications. The dashboard content can be dynamically generated based on user's login data. As a sidenote, we could see if notifications could also be dynamically created, so thank you for the improvement idea.

    --
    myDBR Team

  5. jamesmr89, Member

    I have a server with multiple DB's on it, is it possible to set a users datasource based on their login credentials? I want to have them only have access to 'thier' database, ideally they could share report definitions between users, but only able to access their own data.

    Is this possible?

  6. myDBR Team, Key Master

    You can. Dealing with multiple databases may not always be that simple though.

    The best approach depends on how many databases you have and how complex data/reports you are dealing with. Also, your database choise may matter as different databases offer different capabilities.

    In the most straghtforward case you would set up views where you include the datasource name and limit the queries based on that. This would work with limited number of databases with relative simple queries.

    Alternatively you use dynamic SQL to construct the table references or use dynamic SQL to call procedures from target database.

    If you have a large scale installation, there are other ways of dealing with the multiple databases, but as said, the best approach depends on the case.

    --
    myDBR Team


Reply

You must log in to post.