Highlights ETL4ALL 3.0
In the coming days, we will successively publish the following new evolutions:
The ETL4ALL security model in version 3.0
Information originates from data stored in databases, applications and flat files. Quite a lot of this information is company confidential, containing either personal details or crucial company knowledge. Employees access these data using their daily reporting tools and from that perspective, the right measures must be taken to keep the company's information secure.
Security comprises three different aspects:
- User Authentication: Who is this user?
- User Authorization: Which actions can this user perform?
- Data Security: Is the data protected during transfers?
This text explains how ETL4ALL deals with these three aspects.
1. User Authentication
ETL4ALL is always integrated into an existing environment, where an identification mechanism is already in place. Flexibility and configurability are key issues here. ETL4ALL solves the authentication problem in a very elegant way using JAAS (Java Authentication and Authorization Service).
Authentication with JAAS can be based on:
- NT authentication
- Windows authentication
- Kerberos authentication
- An LDAP server
- A company-specific identification mechanism based on a relational database, a web service or an application server security service
The only thing that needs to be done is configuring the mechanism in ETL4ALL.
2. User Authorization
Once a user has been authenticated, two questions remain:
- 1. Which data can the user access?
Information that is available to user A might not be accessible to user B.
- 2. What can the user do with these data?
User C might have the right to do other things with the data than user D.
ETL4ALL uses a combination of profiles and projects in order to solve these questions.
- 2.1 Projects
A project is a collection of entities (data, procedures, programs and metadata) that can be accessed by a group of users. Obviously, these entities can be shared among different projects, so that work accomplished in a specific project can be used in other projects when appropriate. ETL4ALL allows the creation, deletion and modification of these projects in its user-friendly style.

- 2.2 Profiles
A profile is a set of rights that can be associated with a specific user. Examples of rights are:
- Inspect data that are under control of ETL4ALL
- Change the profile of an existing user
- Add new users to the ETL4ALL repository
- Modify existing ETL procedures
In total, ETL4ALL profiles consist of 41 individual rights, resulting in 2^41 (more than a billion) potential profiles. No wonder that we decided to define five standard profiles that will be used in most organizations. These are:
- 1. Super Users
Super users can perform all actions supported in ETL4ALL.
- 2. Power Users
Power users closely resemble super users, but they do not have access to administrative actions like adding, deleting or modifying users or profiles. However, the super users can perform all ETL-related actions.
- 3. Regular Users
Regular Users are not allowed to add, remove or modify projects. However, the regular users can perform all ETL-related tasks like creating, editing or deleting transformation procedures or programs.
- 4. Report Generators
Report Generators do not have any administrative or ETL-related rights. They can only execute predefined tasks, and inspect predefined reports.
- 5. Administrators
Administrators do not have any ETL-related rights. They cannot create or even inspect transformation procedures and programs, but they can perform all administrative tasks, such as adding users, defining projects and creating new user profiles.
The profile associated with a user determines which ETL4ALL Menu options are available to that user.
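The profile model described above can be sketched as a bitmask of rights. This is an added example, not ETL4ALL code: the seven right names, the mapping of the five standard profiles onto them, and the `Contractor` profile are assumptions made for illustration, and the check for profiles that combine user administration with ETL editing goes beyond what the text states.

```python
from enum import IntFlag, auto

class Right(IntFlag):
    """Constructed subset of rights; the product defines 41 of them."""
    MANAGE_USERS = auto()
    MANAGE_PROFILES = auto()
    MANAGE_PROJECTS = auto()
    EDIT_ETL = auto()         # create, edit or delete procedures and programs
    INSPECT_ETL = auto()
    EXECUTE_TASKS = auto()    # run predefined tasks
    INSPECT_REPORTS = auto()

USER_ADMIN = Right.MANAGE_USERS | Right.MANAGE_PROFILES
ETL = Right.EDIT_ETL | Right.INSPECT_ETL
REPORTING = Right.EXECUTE_TASKS | Right.INSPECT_REPORTS

# The five standard profiles, mapped from the descriptions above (assumed mapping).
PROFILES = {
    "Super User": USER_ADMIN | Right.MANAGE_PROJECTS | ETL | REPORTING,
    "Power User": Right.MANAGE_PROJECTS | ETL | REPORTING,
    "Regular User": ETL | REPORTING,
    "Report Generator": REPORTING,
    "Administrator": USER_ADMIN | Right.MANAGE_PROJECTS,
}

def profile_count(n_rights: int) -> int:
    """Each right is independently on or off, so n rights give 2**n profiles."""
    return 2 ** n_rights

def is_allowed(profile: str, right: Right) -> bool:
    """Deny by default: an unknown profile holds no rights."""
    return (PROFILES.get(profile, Right(0)) & right) == right

def combined_duty_profiles(profiles: dict) -> list:
    """Profiles that can both administer users/profiles and change ETL logic."""
    return sorted(name for name, mask in profiles.items()
                  if mask & USER_ADMIN and mask & Right.EDIT_ETL)

if __name__ == "__main__":
    print(profile_count(41))
    print(combined_duty_profiles(PROFILES))
    # Constructed custom profile, to show what an audit of non-standard profiles flags.
    custom = dict(PROFILES, Contractor=Right.MANAGE_PROFILES | Right.EDIT_ETL)
    print(combined_duty_profiles(custom))
```

With 41 independent rights, custom profiles are easy to create and hard to review by eye, which is why a check like `combined_duty_profiles` is worth running whenever a non-standard profile is defined.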

3. Data Security
Data security refers to the secure data transfer from the source to the report. When ETL4ALL runs in a stand-alone setup, there is no network traffic. Consequently, security becomes a non-issue.
In a client/server setup, the heart of ETL4ALL is a servlet container, embedded in an application server. As security is one of the major issues in the application server world, we rely on the server to deal with it.


