In my database table, I have one column which contains sensitive data that should be restricted to a specific role. In the Pentaho documentation, they describe how to restrict a column by adding a security attribute to the business table.
However, my table is a conformed dimension which another future developer might want to use in another business model. I'm concerned that a future maintainer may be unaware of the sensitiveDataColumn in my conformed dimension and forget to add the appropriate security attribute to their future business table in their future business model.
Wouldn't it be more secure to permit adding a security constraint to the Connection's instance of the table instead of only securing it on the business model level? I always want the sensitiveDataColumn restricted to the VIEW_SENSITIVE_DATA role. Is there any way to secure a column across multiple business models without relying on it being correctly configured in each business model?
Note - I did try adding the 'Metadata Security' property to my business table's sensitiveDataColumn. However, when I published my metadata, the column was invisible to all users (including those who had the VIEW_SENSITIVE_DATA role).