Components
The hid_policy_analytics_filter component, together with the default Python script plugin_analyticsfilter set in the system variable VIEW ANALYTICS PLUGIN, provides a policy framework for administrators to define rules that determine which categories and reports will be shown to users in the Analytics app.
This component is installed by default when you install Bravura Security Fabric .
Deployment
The hid_policy_analytics_filter table contains all the rules that determine what categories and reports are shown for a particular user. Like all component framework policy tables, it contains the following basic fields:
StageNumber(required int) The policy engine will run checks in stages. Each stage completes before rules in the next stage are tested; only after all stages are completed, or a rule finalizes processing, are the final results passed.RuleNumber(required int) Within each stage, the engine processes the rules in number order. Note that this is not necessarily table entry order.CategoryID(required string) Name of the folder or report category is shown or hidden. Default value is a dot and wild card .ReportName(required string) Report name is shown or hidden. Default value is a dot and wild card .*ShowMatches(required Boolean) When disabled only categories and reports not matching are shown. Default value is True .Enabled(required Boolean) When disabled the whole rule is not processed. Default value is TrueProceed(required Boolean) If the rule matches or mismatches, should the engine continue processing further rules (True), or if the rules matches, should it stop (False).Comment(optional string) Used to explain what the rule means in English. Like all comments, this is very useful if kept correct, and actively dangerous if not.ViewUserID(optional string) User ID once matched is able to view or not view the categories and reports set in the required fields.ViewUserClass(optional string) The engine allows or disallows users who have matching user class membership to view categories and reports.AttributeID(optional string) User that has user attribute matching the value in AttributeValue can or can not view analytics categories and reports.AttributeValue(optional string) User attribute is set here.
Individual rule examples
The following are various examples of rules to show how the fields in the table work together.
Rule example
RuleNumber | CategoryID | ReportName | ShowMatches | Enabled | Proceed |
|---|---|---|---|---|---|
1 | .* | PASSWORD_RESET_REQUESTS | True | True | True |
2 | ANALYTICS_CATEGORY_USERS | .* | True | True | True |
3 | .* | REPORTS_* | False | True | True |
4 | .* | SOD_* | True | False | True |
5 | .* | REPORTS_LOGIN_FAILURES | True | True | False |
The rules do the following:
Rule 1 Analytics report PASSWORD_RESET_REQUESTS under all categories are shown
Rule 2 All analytics reports under category ANALYTICS_CATEGORY_USERS are shown
Rule 3 All analytics reports matching string REPORTS_ are hidden. Non-matched reports are shown.
Rule 4 Is disabled; Enabled is set to False.
Rule 5 If there are no analytics reports matching string REPORTS_LOGIN_FAILURES , subsequent rules are processed. If there is matching, no subsequents are processed.