Data Discovery Security

This applies to: Visual Data Discovery

Symphony provides robust data security that ensures the "three As" of security for the visual analytics environment: proper authentication, authorization, and accounting. In addition, its architecture provides inherent data security.

Authentication

Administrators can manage access to the application by creating user accounts in Symphony, or by synchronizing with an authentication identity provider (IdP) to take advantage of centralized user management and authentication.

Symphony adheres to standards-based methods for defining and enforcing security. Supported standard authentication protocols include Kerberos (SPNEGO), X.509, and SAML2 for single sign-on to Symphony, along with plug-ins for LDAP and SAML2 IdPs to facilitate user and permissions verification. Where available, Symphony can authenticate as a microservice using Kerberos or LDAP on connections to data sources.

In addition to these options, Symphony provides Trusted Access, a default, in-house-developed security methodology that uses delegated authorization to allow machine-to-machine authorization of Symphony resources when Symphony is embedded in your application.

Authorization

Symphony’s authorization security model allows administrators to configure Symphony user access to data sources, attributes, and records. Fine-grained access control is configured at the group level with permissions passed via inheritance to the group’s members (users). See role-based access control (RBAC) in Symphony.

For data sources that support delegation, user credentials can be passed as a connection parameter. When enabled, the database authorization policies are enforced on queries so that they run with the users’ privileges.

Accounting

Advanced accounting permits logging of all data a user viewed while using Symphony. This is performed by logging all WebSocket data transmitted to the user’s browser. All user activity can be recorded in the Symphony application logs on the Symphony server.

Inherent Data Security

Symphony is described as being inherently secure because there is no need to extract or move data out of secured data platforms. Direct data connectivity, push-down processing, adaptive caching, Data Sharpening™, and standards-based authentication and authorization (including user delegation) make it possible to securely work with the most current data in your data stores. Restricting the movement of data is a critical requirement for organizations that must regulate and monitor access to sensitive information, and whose data is too big to move.
