User Guide › Dashboard › Collaboration › Security Implications

Security Implications

The Dashboard utilizes CA Business Service Insight's content-based security. Each user sees the information filtered according to the contract parties to which he/she is authorized. For example, two account managers who view the status of a service are likely to see different statuses. Each one automatically sees the status based only on the performance of the contract parties under his/her responsibility.

The benefits of utilizing CA Business Service Insight's content-based security are:

• Security
• Each end user gets the information that is relevant to him/her
• The administrator's job is made simpler and the total cost of ownership is reduced. A single dashboard page that serves numerous users needs to be created and administrated only once

The security implications that need to be considered are when sharing or assigning pages.

When sharing a page:

• The user viewing the shared page, and who is not the owner of the page, sees the page in read-only mode and has limited operation capabilities.
• He\she sees the page exactly as the owner intended even though they might not have the same security setting.

For example, a country manager owns a page showing the company's accounts status across multiple regions. When the country manager shares the page with the account managers, they all see the same page and the status of each other's account even though CA Business Service Insight's content-based security does not normally allow it.

When assigning a page:

• The user that the page is assigned to, become the owner of the page and can perform all operations.
• Each user that the page is assigned to, sees the page according to his\her security settings. This means that widgets that a user is not supposed to see do not appear on the assigned page. Furthermore, if the widget is a complex widget (such as contract party) the severity is calculated according to the entities each user has permission to.

  For example, a page containing a widget that represents a contract party group (CPG) composed of two contract parties (CPA and CPB) and utilizes the worst case roll-up method is created by the administrator. The calculated severity for CPA is red and for CPB is green. The page is assigned to two users (User A and User B) each of whom is allowed to see only one contract party respectively. Once the assign operation is performed, User A sees the CPG widget composed of CPA with a red severity and User B sees the CPG widget composed of CPB with a green severity.

• If the administrator creates a page containing a custom widget, its composition may change, once the assign operation is performed, according to the user's security permissions. After the assign moment, any changes the administrator makes to the page does not affect the user that page was assigned to.

  For example, a custom widget composed of three metrics (M1, M2 and M3). The weight of each metric is 20, 50 and 30 respectively. User A is allowed to see M1 and M2. User B is allowed to see M2 and M3. When a page that contains this custom widget is assigned to User A, the severity is calculated according to the weight distribution: M1 = 20/70 and M2 = 50/70. When the page is assigned to User B, the severity is calculated according to the weight distribution: M2 = 50/80 and M3 = 30/80.

• If the assigned page contains widgets that the target user is not allowed to see, those widget are removed from the page once it is assigned.