K2BAuditAnalyzer no longer includes a security module. Using GAM is strongly recommended.
IMPORTANT: If you are a K2BTools developer, you can use the GAM integration module as your security backend. If this module is used, it is not necessary to follow these steps as the module solves all the integration with GAM.
The first thing you must do in order to use GAM is to enable it in your K2BAuditAnalyzer Knowledge Base using the Enable Integrated Security property.
- In the knowledge base, activate GAM by setting the property "Enable Integrated Security" to "True" in the KB's version.
|Enable Integrated Security Property
- A dialog similar to the following one will appear.
|GAM Installation Dialog
- Set the property "Integrated Security Level" to "Authorization".
|Integrated Security Level Property
To integrate K2BAuditAnalyzer security with GAM you must change the implementation of K2BIsAuthorizedActivityList. For this purpose you must download and import the following file: K2BIsAuthorizedActivityList integrated with GAM
It's strongly recommended that you have two different application roles:
- Audit User : User who can perform queries into the audited data.
- Administrator: User who can perform all activities like transforms logs, remove query data, configure audit parameters.
Using GAM we recommend that the existing Admin role is used as the "Administrator" role mentioned before.
To create the "Audit User" role follow these steps:
- Using GAM Backend define a new Role called "Audit User"
- Set the following permissions to "Audit User" role
- ViewByUtl_Execute: Set this permission only if your DBMS is: SQLServer, Oracle or PostgreSQL.
For more information about K2BAudit permissions see K2BAuditAnalyzer security permissions
If you don't want to use GAM or you have your own security implemented, you must implement K2BIsAuthorizedActivityList to adapt it to your own security model. For this propose reading about K2BTools security model is recommended in order to modify the security API implementation (K2BIsAuthorizedActivityList) so that it integrates with your security backend.