2 Replies Latest reply on May 2, 2018 9:00 AM by Amy Tursich

    Locking down data from Infinite Campus

    Michael Breen

      We are an Infinite Campus district and have Tableau to create visualizations of student data.  Our Director of Testing and Assessment wants our schools' principals to have access ONLY to data from their respective school site and not see any other.  We have been using CIC for most of our Tableau help, but I'm not getting much right now.  Here's what CIC told me about my question:

       

      If you are using the Tableau Group in IC and your users are in that group then the users will only see the calendars that they have rights to when using the UserSecurity T/F Field in the viz.

       

      I don't understand where to go from here and I'm hoping someone here can help.  Here are some questions about all of this:

       

      1) Do I create user accounts for the principals in Tableau and put them in their own group and give that group the permissions?


      OR

       

      2) Do I create the user accounts for the principals in Tableau and make individual groups for each school site and put the principals in their respective site group?

       

      OR

       

      3) I'm off base here and have to do something completely different?

       

      Any insight to creating groups in an education setting that will accommodate this requirement would help.  Thanks in advance.

        • 1. Re: Locking down data from Infinite Campus
          James Crider

          Hi Michael,

           

          Ah good ole security.  Everyone's favorite thing!  While we don't use IC as our SIS I still think concepts in security are similar even though each situation is different.  I think the security architecture is probably different for everyone.  I'm sure you've probably read the documentation but I would point you to these articles below.  I know when I was setting up ours I read all of this info several times.  We ended up using a combination of most the outlined possibilities which is probably not a good idea..ha.

           

          Authentication

           

          Authorization

           

          Data Security

           

          Restrict Data Access with User Filters and Row Level Security

           

          Create a User Filter and Secure it for Publishing

           

           

          We use AD and I do have the principals/ap's groups in Tableau as well as other dashboard specific groups.  For us we try to use SQL Impersonation whenever possible which uses row level in the database (user to school site views) and AD groups for security to the dashboard in Tableau. 

           

          Without seeing your setup, it sounds like based on your groups in IC ("Tableau group in IC") you might be able to use dynamic User Filter as outlined in the last link I provided.  As long as you have a user (principal) to campus/location/school site defined you could filter data to just their site.

           

          I hope this helps some as security can be confusing.

          • 2. Re: Locking down data from Infinite Campus
            Amy Tursich

            The easiest way to do this is if you are using datalinks in Infinite Campus to access your Tableau reports.

            1.     Make sure you use the security T/F option that CIC referenced in the Viz and set it to True.

            2.     Create a datalink for the report in IC and grant a tool right access for that link to the User or User Group (depending on how you do it at your district.  I would suggest the group).

             

            By limiting it to tool right access, you ensure that only people who need the report have access to it.  At the point when they actually click the data link, the Tableau Viz security that you set up will kick in and the Principals will only view the calendars for which they have access..

             

            If it is an assessment however, most assessments in Infinite Campus are not tied to a calendarID but simply tied to a student.  If you look at the TestScore table, calendarID is not an option.  If you want security for assessments, you can write specific sql to do the appropriate linking between test date, schoolID and end year to match to a calendarID.

             

            Most of the tables we use to run Tableau have been created in our data warehouse so that we have consistency in data.  It allows us to also have field-level security since any field that is potentially problematic (such as free/reduced lunch status) is never written into the table and we therefore do not have to worry about who can view it from the visualization when they look at the data behind it.