This topic provides information about configuring data sources for Reporting Engine using the Sources tab of the Services > View > Config view.
With the addition of the Data Privacy feature to Security Analytics 10.6 and above, access to sensitive meta in SA Core services can be restricted by configuring separate data sources for Data Privacy Officer (DPO) users and non-DPO users, and limiting access to those data sources by assigning appropriate permissions.
In the Services Config view, you can add each Core service as two separate data sources: one with a service account having privileges equivalent to a DPO and the other with a service account having privileges equivalent to any other user. Then, to limit access to those data sources based on roles, you can assign read access or no access to those data sources for individual roles. To limit access to Warehouse data sources, you can do the same.
For more information, see Configure Data Source Permissions.
Security Analytics Core services (for example, Concentrator, Broker, or Archiver) support the ability to restrict meta data based on the configured user role. To make use of the data privacy feature for Reporting Engine, you can configure two separate service accounts against Core. One service account for general purpose reporting that does not include any sensitive data and the other account for privileged users with access to all data including sensitive data. The access to restricted meta data for the two service accounts is configured as part of the data privacy plan on each Core service.
In Reporting Engine, you can add each Core service as two separate data sources (one being the regular data source and the other a privileged data source) using the two separate service accounts. You can configure Reporting Engine to allow only users with privileged roles to access the sensitive data source. Hence, Reporting Engine can connect to a NWDB Data source in two ways:
- Using a service account with DPO role.
- Using a service account without a DPO role.
After adding two data sources with different service accounts for the same Core service, you can configure data source permissions to manage access to these data sources. For more information, see Configure Data Source Permissions.
Add a NWDB Data Source with Different Service Accounts
To add a NWDB data source with different service accounts:
- In the Security Analytics menu, select Administration >Services.
- In the Services panel, select a Reporting Engine service.
The Services Config view of Reporting Engine is displayed.
Select the Sources tab.
The Services Config View is displayed with the Reporting Engine Sources tab open.
The Available Services dialog is displayed. All services are listed, including those that have already been added Reporting Engine.
Select the required service and click OK.
The Service Information dialog for the selected service is displayed.
Repeat the step for Non-DPO data source.
- Type the username and password for the required service account.
The required service is added as a data source to the Reporting Engine. Two data sources are added to Reporting Engine for the same Core device.
After adding multiple data sources with different service accounts for the same Core device, you can configure data source permissions to manage access to these data sources.