InfoSphere Optim

 View Only
  • 1.  Optim Connect Datasource Security

    Posted Thu September 12, 2019 10:28 AM
    I have a ticket open to support with the following question. Summary of the question: How can I restrict access to a single data source in Optim Connect Studio? 

    I know that I can add an active directory user to the Optim Connect navigator workspace but this gives that user access to ALL data sources. I want to be able to restrict ONE USER to only access ONE DATA SOURCE. 

    Is this answer legit/accurate? Can anyone share their experience securing Optim Connect at the data source level? 


    ------------------------------
    Danny Lankford
    IT Manager
    3M
    MN
    ------------------------------

    #InfoSphereOptim
    #Optim


  • 2.  RE: Optim Connect Datasource Security

    Posted Fri September 13, 2019 10:46 AM
    That answer is probably true if you are solely using Optim Connect to control access to the Optim archive file.

    We control access to Optim archive file datasources using a FAD (File Access Definition) on the archive file itself. You can allow or disallow this person whatever privileges you want on the data contained within the archive file using the FAD. Optim Connect seems to be quite fragile as far as tinkering with settings (change one thing, three other things stop working), so we use it mainly to define data sources to be discoverable to the ODBC Thin Client and that's it. If someone tries to create a Thin Client DSN that points to an Optim archive file datasource they aren't on the FAD for, their query will fail for denied access anyway. 

    Hope this helps. Send me a message if you want to discuss what we use for security and access on the archive files. 


    ------------------------------
    Keith Tidball
    Progressive Insurance
    ------------------------------



  • 3.  RE: Optim Connect Datasource Security

    Posted Fri September 13, 2019 12:35 PM
    Hey Keith, 

    Thanks for the reply but i'm not going down that Optim ACD/FAD path again. We experimented with the Optim Security FAD but wow, there was so much overhead and upkeep that we agreed to never implement it. Especially when you move Optim Objects between servers in a distributed environment. i.e. Optim Create Server vs Optim Access Server. 

    I think I've found a workaround in Optim Connect. I isolated the one archive file data source into it's own Navigator Workspace and provisioned the specific user to that Workspace only. Seems to work great. Only took a few mins to setup. No Optim complicated FAD setup/mgmt on the back-end. We'll see how it holds up.

    ------------------------------
    Danny Lankford
    IT Manager
    3M
    MN
    ------------------------------