Integrating GAM with K2BAudit Analyzer

Introduction

K2BAuditAnalyzer no longer includes a security module. Using GAM is strongly recommended.

IMPORTANT: If you are a K2BTools developer, you can use the GAM integration module as your security backend. If this module is used, it is not necessary to follow these steps as the module solves all the integration with GAM.

Configuring GAM in K2BAuditAnalyzer

The first thing you must do in order to use GAM is to enable it in your K2BAuditAnalyzer Knowledge Base using the Enable Integrated Security property

Enabling integrated security

  1. In the knowledge base, activate GAM by setting the property "Enable Integrated Security" to "True" in the KB's version. 
    VersionEnableSecProperty
    Enable Integrated Security Property

  2. A dialog similar to the following one will appear.
    GAMInstallationDialog
    GAM Installation Dialog

  3. Set the property "Integrated Security Level" to "Authorization".
    GAMVersionIntSecLevel
    Integrated Security Level Property

Importing K2BIsAuthorizedActivityList

To integrate K2BAuditAnalyzer security with GAM you must change the implementation of K2BIsAuthorizedActivityList. For this purpose you must download and import the following file: K2BIsAuthorizedActivityList integrated with GAM

Roles and permissions: 

It's strongly recommended that you have two different application roles:

  • Audit User : User who can perform queries into the audited data. 
  • Administrator: User who can perform all activities like transforms logs, remove query data, configure audit parameters.

Using GAM we recommend that the existing Admin role is used as the "Administrator" role mentioned before.

To create the "Audit User" role follow these steps:

  1. Using GAM Backend define a new Role called "Audit User"
  2. Set the following permissions to "Audit User" role
    • AuditQuery_Execute
    • AuditEntity_Execute
    • ConfigureApplicationData_Execute
    • ViewByUtl_Execute: Set this permission only if your DBMS is: SQLServer, Oracle or PostgreSQL. 

For more information about K2BAudit permissions see K2BAuditAnalyzer security permissions

Configuring your own security in K2BAuditAnalyzer

If you don't want to use GAM or you have your own security implemented, you must implement K2BIsAuthorizedActivityList to adapt it to your own security model. For this propose reading about K2BTools security model is recommended in order to modify the security API implementation (K2BIsAuthorizedActivityList) so that it integrates with your security backend.