1 Reply Latest reply on Dec 15, 2017 12:45 PM by James Crider

    Locking down data from Infinite Campus

    Michael Breen

      We are an Infinite Campus district and have Tableau to create visualizations of student data.  Our Director of Testing and Assessment wants our schools' principals to have access ONLY to data from their respective school site and not see any other.  We have been using CIC for most of our Tableau help, but I'm not getting much right now.  Here's what CIC told me about my question:

       

      If you are using the Tableau Group in IC and your users are in that group then the users will only see the calendars that they have rights to when using the UserSecurity T/F Field in the viz.

       

      I don't understand where to go from here and I'm hoping someone here can help.  Here are some questions about all of this:

       

      1) Do I create user accounts for the principals in Tableau and put them in their own group and give that group the permissions?


      OR

       

      2) Do I create the user accounts for the principals in Tableau and make individual groups for each school site and put the principals in their respective site group?

       

      OR

       

      3) I'm off base here and have to do something completely different?

       

      Any insight to creating groups in an education setting that will accommodate this requirement would help.  Thanks in advance.

        • 1. Re: Locking down data from Infinite Campus
          James Crider

          Hi Michael,

           

          Ah good ole security.  Everyone's favorite thing!  While we don't use IC as our SIS I still think concepts in security are similar even though each situation is different.  I think the security architecture is probably different for everyone.  I'm sure you've probably read the documentation but I would point you to these articles below.  I know when I was setting up ours I read all of this info several times.  We ended up using a combination of most the outlined possibilities which is probably not a good idea..ha.

           

          Authentication

           

          Authorization

           

          Data Security

           

          Restrict Data Access with User Filters and Row Level Security

           

          Create a User Filter and Secure it for Publishing

           

           

          We use AD and I do have the principals/ap's groups in Tableau as well as other dashboard specific groups.  For us we try to use SQL Impersonation whenever possible which uses row level in the database (user to school site views) and AD groups for security to the dashboard in Tableau. 

           

          Without seeing your setup, it sounds like based on your groups in IC ("Tableau group in IC") you might be able to use dynamic User Filter as outlined in the last link I provided.  As long as you have a user (principal) to campus/location/school site defined you could filter data to just their site.

           

          I hope this helps some as security can be confusing.