Custom Access Request for External Reports

New in Version 5.6: Security has been expanded to let clients customize how Denial of Access is handled. Customers can specify tailored messaging and control where Requests for Access are routed, which supports both centralized Access Request processing and distributed Access Request responsibilities.

There are three levels at which the Access Deny function can be triggered:

  1. Metric Insights Security for an Element  
  2. Metric Insights Security for a Category  
  3. BI Tool authorization (Tableau Dashboard access) - currently only available for Tableau

The system first checks the Element Editor, then the Category Editor, to locate the default No Access tile format and Deny message. The instructions first encountered will be used regardless of where the Security was actually violated.

This article will explain how to apply Customized Access Request processing for each Editor.

Note: In this initial implementation, the 3rd option (validation for BI Tool Authorization) is only available for Tableau and only when the Username is passed through SAML.

Prerequisite: Config file variables required (Admin > Utilities > System Config)

1. This Setting is required (minimum) to display elements that the User is not authorized to view

  1. Enter 'access' in the Search field to narrow your options
  2. You must set 'SHOW_ITEMS_WITHOUT_ACCESS' to 'Y'

2. Additional Settings required when transferring to a URL rather than a Webpage

  1. ACCESS_REQUEST_URL specifies the URL to which this request will be forwarded
  2. ACCESS_REQUEST_URL_PASSWORD must be provided for Username below
  3. ACCESS_REQUEST_URL_USERNAME must be provided for a User with access to the URL
  4. ACCESS_REQUEST_VIA_WEBPAGE should be set to 'N'

3. Settings required when transferring to a Webpage

  1. ACCESS_REQUEST_URL specifies the WEBSITE to which this request will be forwarded
  2. ACCESS_REQUEST_URL_PASSWORD - ignored
  3. ACCESS_REQUEST_URL_USERNAME - ignored
  4. ACCESS_REQUEST_VIA_WEBPAGE must be set to 'Y'
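
A consistency check for the three groups of settings above, as an added example (not Metric Insights code). It assumes the variables have been copied into a plain Python dict; the function name, the sample values, and the two checks marked "added" are assumptions of this example rather than product requirements.

```python
from urllib.parse import urlparse

def check_access_request_config(cfg):
    """Return findings for the System Config variables named in this article.

    cfg: dict of variable name -> value (assumed export shape, not a product API).
    """
    findings = []
    if cfg.get("SHOW_ITEMS_WITHOUT_ACCESS") != "Y":
        findings.append("SHOW_ITEMS_WITHOUT_ACCESS must be 'Y'")

    url = (cfg.get("ACCESS_REQUEST_URL") or "").strip()
    if not url:
        # Assumption: no forwarding target means only the minimum setting applies.
        return findings

    mode = cfg.get("ACCESS_REQUEST_VIA_WEBPAGE")
    user = cfg.get("ACCESS_REQUEST_URL_USERNAME")
    password = cfg.get("ACCESS_REQUEST_URL_PASSWORD")
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        findings.append("ACCESS_REQUEST_URL is not an absolute http(s) URL")

    if mode == "N":  # forwarding to a URL: credentials are required
        if not user:
            findings.append("ACCESS_REQUEST_URL_USERNAME is required when forwarding to a URL")
        if not password:
            findings.append("ACCESS_REQUEST_URL_PASSWORD is required when forwarding to a URL")
        if parsed.scheme == "http":
            # Added hardening check, not a documented product requirement.
            findings.append("ACCESS_REQUEST_URL uses plain http although credentials are configured for it")
    elif mode == "Y":  # forwarding to a Webpage: credentials are ignored
        if user or password:
            # Added hygiene check: ignored secrets should not linger in the config.
            findings.append("credentials are ignored in Webpage mode; clear the stored values")
    else:
        findings.append("ACCESS_REQUEST_VIA_WEBPAGE must be 'Y' or 'N'")
    return findings

# Constructed sample values, not taken from a real instance.
URL_MODE_OK = {"SHOW_ITEMS_WITHOUT_ACCESS": "Y", "ACCESS_REQUEST_VIA_WEBPAGE": "N",
               "ACCESS_REQUEST_URL": "https://requests.example.com/api",
               "ACCESS_REQUEST_URL_USERNAME": "svc_access", "ACCESS_REQUEST_URL_PASSWORD": "placeholder"}
URL_MODE_BAD = {"SHOW_ITEMS_WITHOUT_ACCESS": "N", "ACCESS_REQUEST_VIA_WEBPAGE": "N",
                "ACCESS_REQUEST_URL": "http://requests.example.com/api",
                "ACCESS_REQUEST_URL_USERNAME": "svc_access"}
WEBPAGE_STALE = dict(URL_MODE_OK, ACCESS_REQUEST_VIA_WEBPAGE="Y")
```
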

1. Set Custom Access Request at Element level

Create a New Tableau Report (New > External Report), select the Tableau Report Type, and follow the instructions in How to create an External Report from Tableau.

Or access an existing Tableau Report from your Homepage via the edit icon (gear).

1.1. Access the Advanced tab of the Editor

  1. Activate the 'Show preview for users without access' toggle
  2. Specify the Group that will allow access to this element. This field is optional and can be used to instruct the Access Request personnel to add the User to this Group in order to provide access.
  3. To apply a distinct display for inaccessible elements on the Homepage, select 'Upload Public image file'. Otherwise the image specified in the Configuration tab will be used.

 

1.2. Pop-up for providing a distinct image when access to the element is denied

  1. Select the 'Upload Public Image File' box
  2. The Upload Image pop-up will appear to allow you to select an alternative image.

1.3. You can also customize the Access Deny message

Note: if you do not specify an Access message at the External Report level, the system will check the associated Category for a message. If neither is specified, the Standard Message will display.

Just toggle the 'Use Custom Access Denied message' to ON.

1.4. Custom Access Denied Message

  1. You can control the Message display using the standard display options
  2. You can insert the following variables:
    • [Element name] causes the system to substitute the External Report name in the display
    • [More Info] provides a link to one of two messages based on where Security is denied:
      • If MI constraint: "In order to be able to access this visualization, you must first be granted access to the content within Metric Insights. By clicking on the Request Access button, you will request that the owners of this content provide you with the necessary access."
      • If BI Tool Constraint: "In order to be able to access this visualization, you must be granted access to the content within {BI Tool Name}. By clicking on the Request Access button, you will request that the owners of this content provide you with the necessary access."

 

Why would User fill in the Access Request Email? Is Request always sent to this email address when Access is Requested on any pop-up or screen?

2. Set Custom Access Request message at Category level

If no Access Denied Message is set at the Element level, the message set at the associated Category level for that element will be used. If a Denied message is not set at either level, the Standard Access Denied message will display.

2.1. Custom Access Denied Message

  1. Toggle 'Use Custom Denied message' to ON
  2. You can control the Message display using the standard display options
  3. You can insert the following variables:
    • [Element name] causes the system to substitute the External Report name in the display
    • [More Info] provides a link to one of two messages based on where Security is denied:
      • If MI constraint: "In order to be able to access this visualization, you must first be granted access to the content within Metric Insights. By clicking on the Request Access button, you will request that the owners of this content provide you with the necessary access."
      • If BI Tool Constraint: "In order to be able to access this visualization, you must be granted access to the content within {BI Tool Name}. By clicking on the Request Access button, you will request that the owners of this content provide you with the necessary access."

3. Verify Report type will allow verification of BI Tool access

Allow access request checks to be performed at the BI Tool API level using the Username passed in through SAML. This option must be set up by an Administrator on the appropriate External Report type for your BI tool.

3.1. Access Admin > Advanced > External Report types > BI Tool

The 'Pre-verify User Access through [BI tool] API' option will be toggled to the 'yes' position if this BI Tool is correctly configured to allow verification of User Access to the BI requested data.
