MicroStrategy ONE
Security Checklist Before Deploying the System
Use the checklist below to make sure you have implemented the appropriate security services or features for your system before it is deployed. All the security implementations listed below are described in detail in preceding sections.
Ensure that the Administrator password has been changed. When you install Intelligence Server, the Administrator account comes with a blank password that must be changed.
- Set up security views to restrict access to specific tables, rows, or columns in the database
- Split tables in the database to control user access to data by separating a logical data set into multiple physical tables, which require separate permissions for access
- Implement connection mapping to control individual access to the database
- Configure passthrough execution to control individual access to the database from each project, and to track which users are accessing the RDBMS
- Assign security filters to users or groups to control access to specific data (these operate similarly to security views but at the application level)
- Select and implement a system authentication mode to identify users
- Set up security roles for users and groups to assign basic privileges and permissions
- Understand ACLs (access control lists), which allow users access permissions to individual objects
- Check and, if necessary, modify privileges and permissions for anonymous authentication for guest users. (By default, anonymous access is disabled at both the server and the project levels.) Do not assign delete privileges to the guest user account.
- Assign the Denied All permission to a special user or group so that, even if permission is granted at another level, permission is still denied
- Make sure guest users (anonymous authentication) have access to the Log folder in C:\Program Files (x86)\Common Files\MicroStrategy. This ensures that any application errors that occur while a guest user is logged in can be written to the log files.
- Implement file-level security requirements
- Create security roles for the application server
- Make use of standard Internet security technologies such as firewalls, digital certificates, and encryption.
-
If you are working with sensitive or confidential data, enable the setting to encrypt all communication between MicroStrategy Web server and Intelligence Server.
There may be a noticeable performance degradation because the system must encrypt and decrypt all network traffic.
-
Enable encryption for MicroStrategy Web products. By default most encryption technologies are not used unless you enable them.
Locate the physical machine hosting the MicroStrategy Web application in a physically secure location.
Restrict access to files stored on the machine hosting the MicroStrategy Web application by implementing standard file-level security offered by your operating system. Specifically, apply this type of security to protect access to the MicroStrategy administrator pages, to prevent someone from typing specific URLs into a browser to access these pages. (The default location of the Admin page file is C:\Program Files (x86)\MicroStrategy\Web ASPx\asp\Admin.aspx.
) Be sure to restrict access to:
- The asp directory
- Admin.aspx