Managing and Securing Content
According to Wikipedia, Content Management is “... a set of processes and technologies that supports the collection, managing, and publishing of information in any form or medium.” Incorta, as a unified data analytics platform, does all of these things. This article will cover the recommended best practices for Content Management with Incorta.
We recommend that you be familiar with these Incorta concepts before exploring this topic further.
These concepts apply to all releases of Incorta.
There are different role dependent reasons for getting your content management strategy right in Incorta.
- Users need to be able to find the right content to do their job quickly and efficiently
- Analysts need to access the data that they have privileges to work with to explore and share answers
- Analysts should be able to leverage the work of others so they can get to solutions quickly
- Administrators need to know what content has been built so that they can avoid overwriting it when migrating or upgrading
- Administrators should be able to secure content so that only those who should see it, can see it
The bottom line, regardless of role, is that managing your content right makes it easier for your users to do their job.
Incorta uses a sharing model that is similar to Google docs. You can create a folder structure and give your dashboards a home at every level within the structure. You can then share folders or dashboards with groups or individual users. When you share, you can give different privileges depending on what you want those you share with to be able to do.
- View - Users can view the content. Typically used with business users.
- Share - Users can share the content with other groups or users. Use with others who have the same or similar role, perhaps analysts.
- Edit - Users can modify the content. Use with collaborators, perhaps developers.
With this sharing model, Incorta enables self service which translates to speed to insight for your users. This is great, but it can also lead to a spaghetti bowl of content that makes it difficult for users to find what they are looking for and for administrators to sort out and protect the content and configuration from being overwritten. The reason this can happen is that there is no role in Incorta that is allowed to see all objects in Incorta automatically.
- Security can be applied to data sources, schemas, business schemas, and folders and dashboards
- Objects are only visible to owners and to those with whom the objects are shared
This has both advantages and disadvantages.
|PROS - better security||CONS - content tracking|
|Every object has its own security and therefore security control is fine tuned||Because Administrators do not necessarily see all objects, it is difficult to know what is out there and whether it is worthwhile keeping|
|No one can automatically see everything||It makes it easier to overwrite or lose content that is important when migrating|
If security is very important, you should consider having multiple administrators/superRole users who manage and have access only to the Incorta objects/content that are related to their area. They would be in charge of maintaining the content for their distinct set of users.
That said, unless private content is shared with them, administrators still will not be able to see all the content in their area when logged into Incorta. Incorta provides a couple of additional tools to help administrators find content that has not been shared with them:
- Metadata Dashboards: See dashboards 4 (Dashboards), 5 (Objects Shared with Users) and 6 (Security Users/Groups/Roles)
- Login As and explore content user by user
Your public content should be well organized with proper security rules applied so that those who should see it can quickly find what they need to do their jobs. Private content will not be strictly controlled as it is owned by individual contributors but it makes sense to have some procedures defined such that it is not overwritten or lost.
- Public - Treat content that is built for the use of many (relative term) and is not meant to be altered as public content. This content should be built and fully tested in a non-prod environment, including security, prior to migrating it into Production and making it available for use by the rest of your organization.
- Private - Treat content that is created by individual contributors and only for consumption by the user and those whom he/she selects as private content. This is content that administrators and developers would not necessarily even know about.
Make your analysts and other creators of private content aware of how content is being managed and what they should do to make sure what they build is not compromised in any way. Here are the processes that we suggest you document and share with your Incorta creators.
- Do your configuration/building in a folder dedicated to your personal projects. Name the folder in such a way that others who see it will know that it is your work folder. You could name it with your username. For example: folder name = “jdoe work”.
- If allowable from a security standpoint, share this folder with the Administrator or SupeRole group (or equivalent) so that they are aware of its existence and will not unintentionally do something to overwrite it.
- Share this folder with others that you collaborate with closely. Ideally, you all belong to a predefined group.
- For complex private projects, start in the non-prod environment. Move your content to prod and share it only once you are comfortable that it is ready to go.
- If you have built content that should move from private to public:
- Make sure that it is available in the non-prod environment as that is where it will be migrated to Production from.
- Share it with the Administrator for your area and provide instructions for where it should be placed in the Public folder structure which will also determine which groups it is shared with. If it needs its own security, make sure to specify that as well.
- Once the Administrator has moved it to its proper place in the non-prod environment, make sure that it is fully tested and goes through the procedures (again document) necessary to get approved for migration to Production.
- Archive, back up or delete content that you no longer have a need for.
For your public content, Incorta documentation covers the best practices for folder structure design, group and user assignment, and sharing very well. Refer to the Manage content with folders article for recommendations. The following two images help to illustrate some of the concepts covered in the article.