Security

On the Security page, you can grant access to specific Data Fabric pages and features in the application.

Access to Data Fabric is managed through the Security application in Infor OS Portal or through User Management in Infor Ming.le. To access Data Fabric, you must be configured as a user in Security and be assigned to an Infor security role that has access to Data Fabric.

In Data Fabric Security, these levels of access controls are available:

  • Page access

    Controls whether a security role has access to a specific page in Data Fabric. If access is not granted, the page is not displayed in the Navigation menu.

  • Feature access

    Controls whether a security role can perform a specific action on a Data Fabric page. If access to a feature is not granted, the feature is not displayed on the page. For Compass, this access control level also applies to the JDBC driver and Compass APIs on condition that data security is enabled.

  • Data access

    Controls whether a security role can access specific objects and properties in Data Lake. Access to data implies access to metadata. These levels of data security are available:

    • Object access

      Grants a role full access to a data object. If appropriate permissions are granted through users' defined access controls, users can view a full data object and perform actions on that object. When new properties are added to the object, users have access to those new properties by default.

    • Property access

      Grants a role access only to selected properties. Users with property access to data objects can query those objects through Compass. However, users have no access to raw data objects. When new properties are added to an object, they are hidden until the administrator grants access to them. Property access is available only for the newline-delimited JSON and DSV objects.

    • No access

      Indicates that a security role does not have access to a data object. Users with no access to an object cannot view it or retrieve it from Data Lake.

Your individual access to Data Fabric and its data is determined by the permissions granted to the security roles that you are assigned to. If you are assigned to multiple security roles, only one of those security roles requires authorization to a page, feature, or data object for you to access it. The objects and properties that you are entitled to are the union of all permissions across security roles.

We recommend that you follow these best practices when managing security in Data Fabric:

  • Assign the DATAFABRIC-SuperAdmin role to a limited number of users to ensure appropriate management of access to Data Fabric.
  • Grant access to the Data Fabric pages and features only to the users who require them to fulfill their work responsibilities.
  • Instead of granting additional permissions to an existing role, create specific security roles to extend access to users who require that level of access.
  • Limit the number of roles that have access to all data objects in Data Lake. If required, create a single role with full access to all objects and assign the users who require this level of access to that role.