Data Anonymization

View Only

Expand all | Collapse all

1. Data Anonymization

0 Like
Viviane Silvano Anselmo Dorsa
Posted Tue December 20, 2022 10:13 AM

Reply
Hello,

We are experience a situation where I need to implement data anonymization in our IBM Planning Analytics application. Specifically, disallow the admin user to be able to see certain system values.

Has anyone been through the same situation or have an idea how to do it?

Thank you,

------------------------------
Viviane Dorsa
Head of Alliances

viviane.dorsa@netpartners.com.br

netpartners.com.br
------------------------------

#PlanningAnalyticswithWatson
2. RE: Data Anonymization

0 Like
IBM Champion

George Tonkin
Posted Tue December 20, 2022 10:19 AM

Reply
By design, the Admin user can read (and write) to anywhere in the model.

In the past where there has been sensitive data e.g. payroll/manpower, we have split the models in two and had two Admin users, one for the payroll/manpower model and another for the finance/planning model. When data is transferred from the payroll/manpower model, it is typically aggregated and hides any detail, unless of course you have a situation with one person in a cost centre.

Hope this helps.

------------------------------
George Tonkin
Business Partner
MCI Consultants
Johannesburg
------------------------------

Original Message

3. RE: Data Anonymization

Like

Viviane Silvano Anselmo Dorsa

Posted Tue December 20, 2022 04:25 PM

Thank you George,

But our needs are more than just have separated applications with different administrators.

We need a solution to hide some information from admin user too.

Regards,

Viviane Dorsa

Head of Alliances

ogo

T: +55 11 3578-0800

M: +55 11 97266-0300

viviane.dorsa@netpartners.com.br

Rua Alexandre Dumas, 1711 – Birmann 11 - 6 andar

CEP: 04717-004

netpartners.com.br

"Este e-mail é direcionado/intencionado somente para os endereçados e pode conter informação privilegiada e confidencial. Não deve ser espalhada, distribuída e copiada. Se você recebeu este e-mail/mensagem por engano, por favor informe ao remetente e delete do seu sistema."

"This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system."

Original Message

4. RE: Data Anonymization

Like

Vlad Didenko

Posted Tue December 20, 2022 08:58 PM

As George pointed, ADMIN users have full access/permissions and you cannot restrict them.
But you can create a custom "super user" group and give them the minimum access they need.

------------------------------
Vlad Didenko
Founder at Succeedium
TeamOne Google Sheets add-on for IBM Planning Analytics / TM1
https://succeedium.com/teamone/
------------------------------

Original Message

5. RE: Data Anonymization

Like

Viviane Silvano Anselmo Dorsa

Posted Wed December 21, 2022 07:04 AM

Thank you Vlad!!

Viviane Dorsa

Head of Alliances

ogo

T: +55 11 3578-0800

M: +55 11 97266-0300

viviane.dorsa@netpartners.com.br

Rua Alexandre Dumas, 1711 – Birmann 11 - 6 andar

CEP: 04717-004

netpartners.com.br

"Este e-mail é direcionado/intencionado somente para os endereçados e pode conter informação privilegiada e confidencial. Não deve ser espalhada, distribuída e copiada. Se você recebeu este e-mail/mensagem por engano, por favor informe ao remetente e delete do seu sistema."

"This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system."

Original Message

6. RE: Data Anonymization

Like

IBM Champion

George Tonkin

Posted Thu December 22, 2022 06:22 AM

Hi Viviane,

It may be useful to understand exactly what these "Admin" users need to actually do within the model.

-Do they need to create users and assign to groups?
-Do they need to run processes that may need security access?
-Do they need to change data or upload data to cubes or areas in the cubes that other users cannot change etc.?

Based on what they actually need to do (and should not see/do), we could probably give better guidance and options.

------------------------------
George Tonkin
Business Partner
MCI Consultants
Johannesburg
------------------------------

Original Message

7. RE: Data Anonymization

0 Like
DONA PESCHKO
Posted Wed December 21, 2022 04:10 PM

Reply
Hi !
We had something similar. We utilized the OPERATIONS ADMIN built in Role.
This "Group" is built-in like Admin, SecurityAdmin, DataAdmin --
This Group has no access to data in our model, but can log onto PAW Administration and Stop/start the instance, and other Admin tasks

------------------------------
DONA PESCHKO
------------------------------

Original Message
8. RE: Data Anonymization

0 Like
IBM Champion

Edward Stuart
Posted Thu December 22, 2022 05:45 AM

Reply
We have implemented models with similar requirements, we built the model with dummy data and once the model was productionised then admin users were given no access to the model at all.

If new features or updates were required then a copy of the model was made and all data deleted, changes were made to the model and then taken back to Production again.

Note that if your Admin users have access to the underlying folders then the data could be accessed as the objects can be moved. An element of common sense can be applied and stipulations that the data is confidential and not to be viewed.

------------------------------
Edward Stuart
------------------------------

Original Message

9. RE: Data Anonymization

Like

Viviane Silvano Anselmo Dorsa

Posted Thu December 22, 2022 06:10 AM

We are studying to implement some similar process.

We have asked the IBM team to give us some information about the inclusion of this feature in the roadmap, because it´ll be very important with security data law. We are waiting the answer.

Thank you,

Viviane Dorsa

Head of Alliances

ogo

T: +55 11 3578-0800

M: +55 11 97266-0300

viviane.dorsa@netpartners.com.br

Rua Alexandre Dumas, 1711 – Birmann 11 - 6 andar

CEP: 04717-004

netpartners.com.br

"Este e-mail é direcionado/intencionado somente para os endereçados e pode conter informação privilegiada e confidencial. Não deve ser espalhada, distribuída e copiada. Se você recebeu este e-mail/mensagem por engano, por favor informe ao remetente e delete do seu sistema."

"This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system."

Original Message

10. RE: Data Anonymization

Like

Viviane Silvano Anselmo Dorsa

Posted Thu December 22, 2022 06:14 AM

Thank you very much Donna!!!

We will check the permissions of OPERATIONS ADMIN.

Regards,

Viviane Dorsa

Head of Alliances

ogo

T: +55 11 3578-0800

M: +55 11 97266-0300

viviane.dorsa@netpartners.com.br

Rua Alexandre Dumas, 1711 – Birmann 11 - 6 andar

CEP: 04717-004

netpartners.com.br

"Este e-mail é direcionado/intencionado somente para os endereçados e pode conter informação privilegiada e confidencial. Não deve ser espalhada, distribuída e copiada. Se você recebeu este e-mail/mensagem por engano, por favor informe ao remetente e delete do seu sistema."

"This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system."

Original Message

Business Analytics

Connect, learn and share with over 10000 users across the IBM Business Analytics.

Planning Analytics