SAS Information Maps: Securing Data based on User ID
Welcome guest blogger Renu Gehring to BI Notes. Renu’s book SAS Business Intelligence for the Health Care Industry: Practical Applications is due for publication by SAS Press in early September. Renu has an extensive background in using the SAS EBI with healthcare data and has some tips for securing data with SAS information maps.
Using SAS BI to Secure Sensitive Data
If you work in healthcare, you know that practically everything is locked down due to the confidential nature of the data. This includes the front door of your building, its elevators, each floor entrance, and even the bathrooms! All this before you even get to the data.
The SAS Business Intelligence tool set allows developers to implement layers of security on sensitive healthcare data. I want to talk about one of the methods available in SAS Information Map Studio.
Consider an information map that contains data about work performance of claims representatives of an insurance company. A claims representative logs on to a SAS BI toolset like SAS Information Delivery Portal or Web Report Studio and views only her data. How is this possible?
Two things make this happen.
- The claims representative’s user information is stored in SAS metadata.
- A filter is created in the map.
Let’s focus on the information stored in SAS metadata, which includes but is not limited to the following data:
- User ID This is mandatory data.
- User Name This is mandatory data.
- User Group Value A value for the user’s group is not required but highly recommended.
Now consider your information map which needs to include a table like the one shown below. Assume that the claims representatives’ identity in SAS metadata is created so that the Name column below matches the user ID.
Create the Filter in the SAS Information Map
You use filters to implement data access restrictions in information maps. To create a row based security filter, use the follow the steps outlined below.
Create a filter based on Name as shown in following figure.
- Data item: Select Name.
- Condition: Select Is equal to.
- Value(s): Select Derive identity values (for row-level permissions).
- Property: Click SAS.PersonName. This is the user ID. The idea behind a security-based filter is to compare name to user ID and exclude unmatched row.
- Select the Hide from user checkbox. This ensures that the filter cannot be seen or removed by users.
Modify the Information Map Properties
Apply the filter and the ClaimRep Table to all queries from the map. This is done by modifying the map’s properties.
- Select Edit > Properties.
- On the General Prefilters tab, move Name filter from Available Filters to Selected Filters.
- On the Required Tables tab, move ClaimRep to Required Tables.
Test the filter.
- Log in in with a claims representative named Jason’s credentials.
- Click View SQL in the Test the Information Map dialog box to display the View Query window. The code includes a WHERE clause restricting Name to Jason.
You can now use the map as a data source for Web Report Studio reports and the access restrictions will automatically flow through. You can also use the map to source indicator data objects in SAS Dashboard. Your users may use the map directly in SAS Add-in for Microsoft Office or Enterprise Guide.
Order your copy of SAS Business Intelligence for the Health Care Industry: Practical Applications from SAS Press.
Never miss a post!Get the latest BI Notes post in your Inbox when a new post is released! Click here for free subscription. You email address is kept private and you can unsubscribe anytime. Go ahead ... join us!
Latest posts by Renu Gehring (see all)
- SAS Information Maps: Securing Data based on User ID - August 27, 2013