Skip to Main Content
Spotfire Ideas Portal
Status Future Consideration
Product Spotfire
Created by Guest
Created on Jul 5, 2018

Ability to Hide or Disable the Data Sources tab in Information Designer

Information Designer users can easily see data sources that have been created by other users using the Data Sources tab in Information Designer. It is often unintentional that teams expose their data sources in this way. It enables and encourages teams to use data sources that they were not intended to be given access to, and this can often cause problems. The Data Sources tab adds little value to Information Designer and enables this kind of undesired behaviour - it would be great if there was an option to hide or disable this tab.     

  • Attach files
  • Guest
    Reply
    |
    Sep 20, 2018

    I don't appreciate being told that my idea is a "typical knee jerk reaction" to a security issue. I'm well aware of the issues we face and of more advanced techniques to monitor the development of data sources. My idea was simple one that has merit for our organization. If you don't like the idea don't vote for it, feel free to lecture elsewhere.

  • Guest
    Reply
    |
    Jul 26, 2018

    Hiding the data sources will not solve the problem. Your solution is the typical knee jerk Security through obscurity reaction, which is always a bad idea.

    https://en.wikipedia.org/wiki/Security_through_obscurity

    Large environments are always hard to manage, but it's up to you to have good governance and good oversight of what is happening. The ability to create data sources can be restricted via licenses while still allowing report builders to create information links. It sounds unwise to let anyone create a data source. In our environment new data sources have to be requested at which point we can control where they are saved, what permissions they have, etc.

    However you can still self manage this if you want. In our Development we allow developers and report builders to create data sources at will, but we still keep an eye on them to make sure they don't do things like connecting to production environments etc. This can easily be achieved if you plug into the Spotfire metadata database schema. I have written comprehensive queries on top of the Spotfire metadata database schema which I have shared on the Spotfire wiki here: 

    https://community.tibco.com/wiki/tibco-spotfire-metadata-queries

    Using the Data Sources query from that page you could easily setup alerts when any time new data sources are created so you can review them and make sure they are complaint. If you want to take this to the next level you could combine the Data Sources query with the Library Group Permissions query to alert for instance when a Data Source is placed in a folder that visible to Everyone, or a folder that other teams have access to, or whatever logic you can think of. I would think however that it will be more reasonable to sort out the folder permissions and remove Everyone with the top level folders and all their children. Once you do this cleanup any new folders will not inherit the Everyone permission and you will prevent new Data Sources, or any other new library items for the matter, from being accessible to Everyone by default. Finally if you are really serious about governance and standards you could setup BEFORE triggers in the LIB_ITEMS table in Spotfire to "error" when items are being saved to the library which are in breach to your policies (ie data source added in a folder with Everyone access granted). While these are not officially supported there are standard database features and while the Spotfire client will error out, you will prevent the spread of the "infection". 


  • Guest
    Reply
    |
    Jul 26, 2018

    Thanks for your comment. We have >200 teams building reports, each with their own high level folder. Lots of teams are successfully "hiding" their data sources by using appropriate permissions on their folders, but teams will often accidentally expose data sources. Using the default viewing panel, users can't see much unless they start drilling into folders that they have got some kind of access to - so if a data source is embedded well within a folder structure they are unlikely to ever see it. But on the Data Sources tab, everything is exposed.  

     

    To summarise - in our environment where we have hundreds of active report authors across hundreds of teams, and >3500 data sources, the Data Sources tab does much more harm than good -  it exposes data sources to users that they never knew they had any access to and (in our experience) encourages the use of them in a way that is largely invisible to data source owners and is often inappropriate and creates undesirable dependencies.. This idea is simply to allow us to disable this tab - I can appreciate that for smaller installations it has more value, but the value lessens as the environment grows.   

  • Guest
    Reply
    |
    Jul 20, 2018

    They can see them since they have access to the folders where those data sources are saved. Have you tested putting data sources in folders those users don't have read/browse access to?