Personalization And Security
Whenever you are dealing with critical data such as that presented by the Dashboard Framework, questions of personalization and security will surely arise. Personalization involves automatically customizing the data view based on certain user attributes, and is to some degree a convenience. Security, on the other hand, is driven by your organization’s business requirements: information must not be displayed to users unless they are truly authorized to view it. For instance, if your organization must abide by the Federal healthcare laws known as HIPAA, viewing of patient data is highly restricted, and viewing by unauthorized users can result in fines.
The business rules for dealing with personalization and security are highly dependent on the requirements of your organization, and require customization to meet those needs. However, the Dashboard Framework provides some simple mechanisms to deal with users, personalization, and security. This section walks through an example.
The data warehouse framework has requirements for security and access control: certain users are only permitted to view a selected subset of the data in the data warehouse. The dashboard framework therefore includes a security layer that uses the user information to enforce data security and filtering. The security layer lives in the data feed service web plug-in.
The security layer can obtain user information from many different sources. In the following steps, we will add some extra user information using the Liferay user expando service. The dashboard framework will fetch this piece of information for the current user, create some user-specific filters, and apply them when serving the data to the charts.
Let’s create a new custom field for the Liferay user. First, as Administrator, go to the control panel -> Portal section -> Custom fields -> click the “Edit” link in the “User” row, add a new custom field called “Customer Region”, and leave the default “Text” field type. Then create a new user called “txsales” and set the custom field “Customer Region” to “state:TX” as below:
In the data feed service web plug-in, we need to add some customized code that uses this custom field to generate the user-specific filters.
How do you let different users see their personalized data in the charts on the same dashboard page? The answer is to add code in the security layer that generates different default filters for different users. After this piece of code is added, once the user “txsales” logs in, a default “state” filter with the value “TX” will be applied, so this user will see the dashboard page like this:
As shown in the screenshot, by default all the charts on the dashboard page show only the data for the state of TX.
To see the difference, we create another user called “ussales” and set the custom field “Customer Region” to “country:US”. When this user logs in, he will see the dashboard page like this:
By default all the charts on the dashboard page show only the data for the US. So now each user gets his personalized charts on the same dashboard page, and we don’t need to make any changes in the chart portlets or the filter portlet on the page.
However, the user can still browse any scope of the data in the data warehouse by applying filters in the filter portlet; the default filter alone is personalization, not access control. We need to add constraints so that the user can only see certain scopes of the data in the data warehouse.
In this example, let’s suppose we have the following business requirement: the TX state sales representative user can see the data in TX State and in all the other states in the US; the US sales representative user can see all the data in the US and in all the other countries in the Americas. By adding another piece of custom code in the security layer, we can generate more user-specific filters based on the user information. Now once the user “txsales” logs in, he will not be able to select any other customer area in the filter portlet, only the states in the US:
When the user “ussales” logs in, he can only choose other countries in the Americas region; he is not able to see data in any region other than the Americas.
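The following is an added example, not the Dashboard Framework's own code: a sketch of how a security layer in the data feed service could turn the “Customer Region” value into a default filter plus a server-side scope check, so a request is rejected even if it bypasses the filter portlet. The class, its methods, and the region hierarchy are hypothetical and constructed for illustration; it assumes Java 9 or later and that the custom field string has already been read for the current user.

```java
import java.util.Map;
// Added example; class, method and hierarchy names are hypothetical.
public class RegionScope {
    // Constructed sample hierarchy: child -> parent (state -> country -> region).
    static final Map<String, String> PARENT = Map.of(
        "state:TX", "country:US",
        "state:CA", "country:US",
        "country:US", "region:Americas",
        "country:CA", "region:Americas",
        "country:FR", "region:EMEA");
    final String defaultFilter; // applied when the request carries no filter
    final String allowedRoot;   // widest scope this user may request

    RegionScope(String customerRegion) {
        // Fail closed: a missing or unrecognized custom field value grants nothing.
        if (customerRegion == null || !PARENT.containsKey(customerRegion.trim())) {
            throw new SecurityException("no valid Customer Region for this user");
        }
        defaultFilter = customerRegion.trim();
        allowedRoot = PARENT.get(defaultFilter); // one level up, per the example rule
    }

    // True when the requested filter is the allowed root or lies beneath it.
    boolean permits(String requested) {
        for (String node = requested; node != null; node = PARENT.get(node)) {
            if (node.equals(allowedRoot)) return true;
        }
        return false;
    }

    // The filter the data feed should apply for this request.
    String effectiveFilter(String requested) {
        if (requested == null) return defaultFilter;
        if (!permits(requested)) {
            throw new SecurityException("filter outside user scope: " + requested);
        }
        return requested;
    }

    public static void main(String[] args) {
        RegionScope tx = new RegionScope("state:TX");   // user "txsales"
        RegionScope us = new RegionScope("country:US"); // user "ussales"
        System.out.println("txsales default: " + tx.effectiveFilter(null));
        System.out.println("txsales state:CA: " + tx.permits("state:CA"));
        System.out.println("txsales country:CA: " + tx.permits("country:CA"));
        System.out.println("ussales country:CA: " + us.permits("country:CA"));
        System.out.println("ussales country:FR: " + us.permits("country:FR"));
    }
}
```

Because the check runs where the data is served, hiding options in the filter portlet becomes a usability feature rather than the control itself.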
Now we have an idea of how the security layer fits into the dashboard framework and how it works.