Composer provides robust data security that ensures the "three As" of security -- proper authentication, authorization, and accounting of the visual analytics environment. In addition, its architecture provides inherent data security.
Administrators can manage access to the application by creating user accounts in Composer, or by synchronizing with an authentication identity provider (IdP) to take advantage of centralized user management and authentication. Composer adheres to standards-based methods for defining and enforcing security. Supported standard authentication protocols include Kerberos (SPNEGO), OAuth2, X.509, and SAML2 for single sign-on to Composer, along with plug-ins for LDAP and SAML2 IdPs to facilitate user and permissions verification. Where available, Composer can authenticate as a microservice using Kerberos or LDAP on connections to data sources.
Composer’s authorization security model allows administrators to configure Composer user access to data sources, attributes, and records. Fine-grained access control is configured at the group level with permissions passed via inheritance to the group’s members (users). See role-based access control (RBAC) in Composer.
For data sources that support delegation, user credentials can be passed as a connection parameter. When enabled, the database authorization policies are enforced on queries so that they run with the users’ privileges.
Advanced accounting permits logging of all data a user viewed while using Composer. This is performed by logging all WebSocket data transmitted to the user’s browser. All user activity can be recorded in the Composer application logs on the Composer server.
Composer is described as being inherently secure because there is no need to extract or move data out of secured data platforms. Direct data connectivity, push-down processing, adaptive caching, Data Sharpening™, and standards-based authentication and authorization (including user delegation) make it possible to securely work with the most current data in your data stores. Restricting the movement of data is a critical requirement for organizations that must regulate and monitor access to sensitive information, and whose data is too big to move.