You can configure the data privacy for all data sources of Reporting Engine using the Sources tab of the Services > View > Config view.
With the addition of the Data Privacy feature to NetWitness Suite 11.0 and above, access to sensitive meta in NetWitness Suite Core services can be restricted by configuring separate data sources for Data Privacy Officer (DPO) users and non-DPO users, and limiting access to those data sources by assigning appropriate permissions.
In the Services Config view, you can add each Core service as two separate data sources: one with a service account having privileges equivalent to a DPO and the other with a service account having privileges equivalent to any other user. Then, to limit access to those data sources based on roles, you can assign read access or no access to those data sources for individual roles. To limit access to Warehouse data sources, you can do the same.
For more information, see Configure Data Source Permissions.
NetWitness Suite Core services (for example, Concentrator, Broker, or Archiver) support the ability to restrict meta data based on the configured user role. To make use of the data privacy feature for Reporting Engine, you can configure two separate service accounts against Core. One service account for general purpose reporting that does not include any sensitive data and the other account for privileged users with access to all data including sensitive data. The access to restricted meta data for the two service accounts is configured as part of the data privacy plan on each Core service.
In Reporting Engine, you can add each Core service as two separate data sources (one being the regular data source and the other a privileged data source) using the two separate service accounts. You can configure Reporting Engine to allow only users with privileged roles to access the sensitive data source. Hence, Reporting Engine can connect to a NWDB Data source in two ways:
- Using a service account with DPO role.
- Using a service account without a DPO role.
After adding two data sources with different service accounts for the same Core service, you can configure data source permissions to manage access to these data sources. For more information, see Configure Data Source Permissions.
Add a NWDB Data Source with Different Service Accounts
To add a NWDB data source:
- Go to ADMIN > Services.
- In the Services list, select a Reporting Engine service.
The Services Config view of Reporting Engine is displayed.
Select the Sources tab.
The Services Config View is displayed.
The Available Services dialog is displayed. All services are listed, including those that have already been added to the Reporting Engine.
Select the checkbox next to the service and click OK.
The Service Information dialog for the selected service is displayed.
Repeat the step for Non-DPO data source.
- Type the username and password for the required service account.
The required service is added as a data source to the Reporting Engine. Two data sources are added to Reporting Engine for the same Core device.