Securing your analytics with fine-grained permissions. This guide covers role hierarchy, data-level security, dashboard permissions, and more.
Role hierarchy
- Pre-configured organizational roles and approval workflows.
Data-level security
# Security Governance
Security governance ensures vulnerabilities are identified early, prioritized correctly, and remediated systematically.
Continuous Scanning
Security isn't a one-time check - it's continuous:
```mermaid
graph LR
    subgraph "Continuous Security"
        DEV[Development] --> SCAN[Scan]
        SCAN --> FIX[Fix]
        FIX --> DEV
        SCAN -->|"Findings"| DB[(Tracking)]
    end
```
---
The Security Agent
@security-analyst
Specialized agent for security work:
Capabilities:
- Vulnerability scanning
- Risk assessment
- Remediation guidance
- Compliance checking
When to Use:
- Before deployments
- After dependency updates
- Weekly governance cycle
- Security incidents
---
Vulnerability Scanning
Scan Scopes
- dependencies
- config
- code
- secrets
- all
Running Scans
Via Command:
/audit-security --scope all
Via Tool:
python3 /opt/PredictivERP/tools/security/scan.py --scope all
Via Agent:
@security-analyst Run a full security scan of the codebase. json |
| 2 - Moderate | Code changes, testing | Refactor vulnerable code |
| 3 - Complex | Architecture changes | Replace library |
---
Security Baselines
Thresholds
```json
{
  "security_thresholds": {
    "critical_allowed": 0,
    "high_allowed": 0,
    "medium_allowed": 5,
    "low_allowed": 20
  }
}
```
Interpretation:
- Critical/High: Zero tolerance - must be fixed before deployment
- Medium: Small backlog acceptable - fix within sprint
- Low: Track but don't block - fix opportunistically
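A deployment gate that enforces the thresholds above could look like the following. This is an added example, not Predictiv's own scan.py; the finding schema (a `severity` field), the function names and the sample findings are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Thresholds copied from the baseline shown above.
BASELINE = json.loads("""
{"security_thresholds": {"critical_allowed": 0, "high_allowed": 0,
                         "medium_allowed": 5, "low_allowed": 20}}
""")
SEVERITIES = ("critical", "high", "medium", "low")


def evaluate_gate(findings, baseline=BASELINE):
    """Return (passed, violations) for a list of finding dicts.

    Each finding is assumed to carry a "severity" key (hypothetical schema).
    Unknown or missing severities fail closed: they count as critical.
    """
    thresholds = baseline["security_thresholds"]
    counts = Counter()
    for finding in findings:
        sev = str(finding.get("severity", "")).lower()
        counts[sev if sev in SEVERITIES else "critical"] += 1
    violations = {}
    for sev in SEVERITIES:
        # A missing threshold key is treated as 0 allowed (fail closed).
        allowed = thresholds.get(f"{sev}_allowed", 0)
        if counts[sev] > allowed:
            violations[sev] = (counts[sev], allowed)
    return (not violations, violations)


# Constructed sample: six medium findings, one low, one with no usable rating.
SAMPLE_FINDINGS = (
    [{"id": f"M-{i}", "severity": "medium"} for i in range(6)]
    + [{"id": "L-1", "severity": "Low"}, {"id": "X-1", "severity": "unrated"}]
)


def main(findings=SAMPLE_FINDINGS):
    passed, violations = evaluate_gate(findings)
    for sev, (found, allowed) in violations.items():
        print(f"{sev}: {found} found, {allowed} allowed")
    if not passed:
        print("Security gate failed - fix findings before deploying")
    return 0 if passed else 1  # non-zero exit blocks the deployment step


if __name__ == "__main__":
    raise SystemExit(main())
```

The sixth medium finding exceeds the backlog of five, and the unrated finding is counted as critical rather than ignored, so the gate blocks on both.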
Baseline Location
tools/security/baselines/baselines.
Dashboard permissions
#### Prerequisites
- User access to Predictiv ERP with appropriate permissions.
#### User Permissions
- Requisition Creator: Create and submit requisitions.
- Administrator: Configure workflows, manage permissions, and resolve issues.
Prerequisites
- User must have Requisition Creator permissions.
Prerequisites
- Approver permissions.
Row-level filtering
Row-level filtering is a core capability within Predictiv, designed to streamline operations and improve visibility. The implementation follows best practices while remaining configurable to meet your organization's specific needs.
Audit logging
---
Apply Fix
Follow the remediation plan:
```bash
# For dependency fixes
npm update lodash
npm audit  # Verify fix

# For code fixes
# Edit vulnerable code
npm test  # Verify no regression
```
3. Document Completion
Update the proposal:
```markdown
Resolution
- Fixed: 2025-01-15
- By: @developer
- Verified: Security scan clean
```
---
Scanning Categories
Dependency Vulnerabilities
What: Known CVEs in npm/Maven packages
How: npm audit, OWASP Dependency Check
Common Fixes:
- Update to patched version
- Replace deprecated package
- Apply security patch
Configuration Issues
What: Insecure settings, weak defaults
Checks:
- Default passwords
- Debug mode enabled
- Insecure protocols
- Missing security headers
Common Fixes:
- Update configuration files
- Enable security features
- Disable debug modes
Code Patterns
What: Vulnerable code constructs
Patterns Detected:
- SQL injection (
String. -ne 0 ]; then
echo "Security gate failed - fix findings before deploying"
exit 1
fi
Audit Trail
All findings and remediation tracked:
```
tools/security/
├── baselines/
│   └── baselines. py
```
- /audit-security
- /remediation-proposal
- @security-analyst
Getting Started
To implement role-based access control in insite analytics in your Predictiv environment:
1. Assess your current state - Review existing processes and identify improvement opportunities
2. Configure the module - Work with your implementation team to set up the required components
3. Train your team - Ensure users understand the new capabilities and workflows
4. Monitor and optimize - Track key metrics and continuously improve
Related Resources
For more information on related topics, explore our other guides in this collection.
Need Help?
Our team of experts is available to help you get the most out of Predictiv. Contact us to discuss your specific requirements and how we can help you achieve your goals.