Planning Analytics

 View Only
Expand all | Collapse all

Data Anonymization

  • 1.  Data Anonymization

    Posted Tue December 20, 2022 10:13 AM
    Hello,

    We are experience a situation where I need to implement data anonymization in our IBM Planning Analytics application. Specifically, disallow the admin user to be able to see certain system values.

    Has anyone been through the same situation or have an idea how to do it?

    Thank you,

    ------------------------------
    Viviane Dorsa
    Head of Alliances

    viviane.dorsa@netpartners.com.br

    netpartners.com.br
    ------------------------------

    #PlanningAnalyticswithWatson


  • 2.  RE: Data Anonymization

    IBM Champion
    Posted Tue December 20, 2022 10:19 AM
    By design, the Admin user can read (and write) to anywhere in the model.

    In the past where there has been sensitive data e.g. payroll/manpower, we have split the models in two and had two Admin users, one for the payroll/manpower model and another for the finance/planning model.  When data is transferred from the payroll/manpower model, it is typically aggregated and hides any detail, unless of course you have a situation with one person in a cost centre.

    Hope this helps.

    ------------------------------
    George Tonkin
    Business Partner
    MCI Consultants
    Johannesburg
    ------------------------------



  • 3.  RE: Data Anonymization

    Posted Tue December 20, 2022 04:25 PM

    Thank you George,

     

    But our needs are more than just have separated applications with different administrators.

     

    We need a solution to hide some information from admin user too.

     

    Regards,

     

    Viviane Dorsa

    Head of Alliances

    ogo

    T: +55 11 3578-0800

    M: +55 11 97266-0300

    viviane.dorsa@netpartners.com.br  

    Rua Alexandre Dumas, 1711 – Birmann 11 - 6 andar

    CEP: 04717-004

    netpartners.com.br

    acebook icon  inkedIn icon  outube icon  

    Archive%20(1)/LOGO_PENSE_BEM.png

    "Este e-mail é direcionado/intencionado somente para os endereçados e pode conter informação privilegiada e confidencial. Não deve ser espalhada, distribuída e copiada. Se você recebeu este e-mail/mensagem por engano, por favor informe ao remetente e delete do seu sistema."

     

    "This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system."

     






  • 4.  RE: Data Anonymization

    Posted Tue December 20, 2022 08:58 PM
    As George pointed, ADMIN users have full access/permissions and you cannot restrict them.
    But you can create a custom "super user" group and give them the minimum access they need.

    ------------------------------
    Vlad Didenko
    Founder at Succeedium
    TeamOne Google Sheets add-on for IBM Planning Analytics / TM1
    https://succeedium.com/teamone/
    ------------------------------



  • 5.  RE: Data Anonymization

    Posted Wed December 21, 2022 07:04 AM

    Thank you Vlad!!

     

    Viviane Dorsa

    Head of Alliances

    ogo

    T: +55 11 3578-0800

    M: +55 11 97266-0300

    viviane.dorsa@netpartners.com.br  

    Rua Alexandre Dumas, 1711 – Birmann 11 - 6 andar

    CEP: 04717-004

    netpartners.com.br

    acebook icon  inkedIn icon  outube icon  

    Archive%20(1)/LOGO_PENSE_BEM.png

    "Este e-mail é direcionado/intencionado somente para os endereçados e pode conter informação privilegiada e confidencial. Não deve ser espalhada, distribuída e copiada. Se você recebeu este e-mail/mensagem por engano, por favor informe ao remetente e delete do seu sistema."

     

    "This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system."

     






  • 6.  RE: Data Anonymization

    IBM Champion
    Posted Thu December 22, 2022 06:22 AM

    Hi Viviane,

    It may be useful to understand exactly what these "Admin" users need to actually do within the model.

    -Do they need to create users and assign to groups?
    -Do they need to run processes that may need security access?
    -Do they need to change data or upload data to cubes or areas in the cubes that other users cannot change etc.?

    Based on what they actually need to do (and should not see/do), we could probably give better guidance and options.



    ------------------------------
    George Tonkin
    Business Partner
    MCI Consultants
    Johannesburg
    ------------------------------



  • 7.  RE: Data Anonymization

    Posted Wed December 21, 2022 04:10 PM
    Hi ! 
    We had something similar. We utilized the OPERATIONS ADMIN built in Role. 
    This "Group" is built-in  like Admin, SecurityAdmin, DataAdmin -- 
    This Group has no access to data in our model, but can log onto PAW Administration  and Stop/start the instance, and other Admin tasks

    ------------------------------
    DONA PESCHKO
    ------------------------------



  • 8.  RE: Data Anonymization

    IBM Champion
    Posted Thu December 22, 2022 05:45 AM
    We have implemented models with similar requirements, we built the model with dummy data and once the model was productionised then admin users were given no access to the model at all.

    If new features or updates were required then a copy of the model was made and all data deleted, changes were made to the model and then taken back to Production again.

    Note that if your Admin users have access to the underlying folders then the data could be accessed as the objects can be moved. An element of common sense can be applied and stipulations that the data is confidential and not to be viewed.

    ------------------------------
    Edward Stuart
    ------------------------------



  • 9.  RE: Data Anonymization

    Posted Thu December 22, 2022 06:10 AM

    We are studying to implement some similar process.

     

    We have asked the IBM team to give us some information about the inclusion of this feature in the roadmap, because it´ll be very important with security data law. We are waiting the answer.

     

    Thank you,

     

    Viviane Dorsa

    Head of Alliances

    ogo

    T: +55 11 3578-0800

    M: +55 11 97266-0300

    viviane.dorsa@netpartners.com.br  

    Rua Alexandre Dumas, 1711 – Birmann 11 - 6 andar

    CEP: 04717-004

    netpartners.com.br

    acebook icon  inkedIn icon  outube icon  

    Archive%20(1)/LOGO_PENSE_BEM.png

    "Este e-mail é direcionado/intencionado somente para os endereçados e pode conter informação privilegiada e confidencial. Não deve ser espalhada, distribuída e copiada. Se você recebeu este e-mail/mensagem por engano, por favor informe ao remetente e delete do seu sistema."

     

    "This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system."

     






  • 10.  RE: Data Anonymization

    Posted Thu December 22, 2022 06:14 AM

    Thank you very much  Donna!!!

     

    We will check the permissions of OPERATIONS ADMIN.

     

    Regards,

     

    Viviane Dorsa

    Head of Alliances

    ogo

    T: +55 11 3578-0800

    M: +55 11 97266-0300

    viviane.dorsa@netpartners.com.br  

    Rua Alexandre Dumas, 1711 – Birmann 11 - 6 andar

    CEP: 04717-004

    netpartners.com.br

    acebook icon  inkedIn icon  outube icon  

    Archive%20(1)/LOGO_PENSE_BEM.png

    "Este e-mail é direcionado/intencionado somente para os endereçados e pode conter informação privilegiada e confidencial. Não deve ser espalhada, distribuída e copiada. Se você recebeu este e-mail/mensagem por engano, por favor informe ao remetente e delete do seu sistema."

     

    "This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system."