Security at Sisense

Sisense security is divided into three main categories:

Securing Users
Securing Data
Securing the Sisense Platform

Different measures and industry best practices are used to ensure security for each of these categories and to provide you with fine-grained governance and security management. See the following sections for Sisense security measures and brief descriptions, and click each link for detailed explanations.

Securing Users

This security category describes the security measures in place for ensuring proper authentication and authorization.

User Roles - User roles is one way that Sisense enforces the Principle of Least Privilege, where users are given the minimum level of access necessary to do their jobs:
- User Roles Overview - Brief explanations of each user role.
- User Roles Details and Permissions - Detailed explanation of all user roles and a table listing their permissions.
Account Lockout Thresholds - Prevent brute-force account attacks in Sisense by limiting the number of failed login attempts that can be performed before an account is locked.
Security Bearer Tokens - These tokens are then sent along with each request to access protected resources. The server receiving the request verifies the token's authenticity and permissions before granting access.
Web Access Tokens - Secure, scalable, and highly customizable Viewer role access to Sisense assets, without the need to provide credentials or the use of cookies.
Cross-Site Request Forgery - Protects against a type of exploit that allows attackers to perform unauthorized actions on behalf of a user that the web application trusts.
Integrating Active Directory - Integrate Active Directory users and groups with your current Sisense users, so that you can share dashboards and email reports with any of your users.
Google Authentication in Linux - When you connect to Google from Sisense, you can authenticate your account with your Google credentials if you are working from the localhost. If however, you are connecting remotely to the Sisense server, and the address of the Sisense Web Application is something other than localhost, Google requires that you connect using the OAuth 2.0 protocol. The OAuth 2.0 authorization framework enables a third-party, in this case, Sisense, to obtain limited access to an HTTP service such as Google Sheets.
Using SSO to Access Sisense - Enables a user to sign in once with a user ID and password to a group of related systems, avoiding multi-login requirements.

Securing Data

This security category describes the methods that Sisense uses to protect your data.

Data Access Security - Define data security rules that control which users can access which portions of the raw data in a data model, at row granularity.
Collected Product and Usage Data - The types of data Sisense collects when you install and access Sisense products.

Securing the Sisense Platform

This security category includes the systems in place for protecting your Sisense deployment.

Security Settings - Configure the security settings.
Setting Up SSL for Sisense on Linux - Secure the link between Sisense and your users' browsers (where dashboards are created and viewed).
Sisense Service Permissions - Sisense services run only as part of the Sisense user and will not use Root user permissions.
Cross Origin Resource Sharing - Allows for HTTP requests from one origin to another, despite a browser's Same-Origin policy, which prevents client-side web applications located in one domain from obtaining data from an application in a different domain.
Audit Logs - Govern your deployments and keep track of the user permissions and access rights defined in the system and who modified them.
Optional Security Hardening for Web Pages - Additional security options that can be applied for hardening the security of Sisense web pages for your needs.

Security at Sisense

Securing Users

Securing Data

Securing the Sisense Platform

Other Sisense Security Links