Security reports

Cluster security report

A technical cluster can create a report of the security configuration of the cluster itself.

You can use these two Gogo shell commands:

  • argon:printSecurityReport – Generates a report and displays its content into the Gogo shell.
  • argon:exportSecurityReport – Generates a report and saves the contents to a file.

The report contains information such as:

  • Name and version of the Java Virtual Machine
  • Directories used by the cluster
  • Configuration of the Web application
  • Configuration of the authentication
  • Configuration of the remote accesses

The report can also list some security highlights, when it detects potential problems.

Example

--=[ Java and OS ]=------
Java home: T:\opt\jdk-1.7.0_60\jre
Java version: 1.7.0_60
Java virtual machine: Java HotSpot(TM) 64-Bit Server VM 24.60-b09 mixed mode
Java runtime version: Java(TM) SE Runtime Environment 1.7.0_60-b19
Java runtime information: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 24.60-b09
Java runtime name: 11340@server
Java OS information: name=Windows 8.1, version=6.3

Process user: decisioninsight
User home directory: C:\Users\decisioninsight
Working directory: D:\Applications\Decision Insight
Temporary directory: D:\tmp\

--=[ Web ]=------
HTTP host: <default>
HTTP port: 8080
HTTPS disabled
Context root: /
Proxy disabled

--=[ Authentication ]=------
Autologin disabled
Authentication handled by the platform: disabled
Single sign-on mode: off
Third parties components: <not set>
Password of built-in 'admin' account is set to the default value.

--=[ Remote accesses ]=------
JMX interface: 10.10.11.77
JMX port: 1099
JMX SSL disabled

--=[ Data integration properties encryption ]=------
Data integration properties encryption is disabled

--=[ Security highlights ]=------
The 'admin' account is configured with the default password. You should change the password as soon as possible.
The JMX server listens for external connections but connection is not encrypted usins SSL. User credentials will
  be sent in clear form over the wire. You should use SSL or listen for local connections only.


User security report

You can create a report of the security configuration of the users of a technical cluster.

Use the Gogo shell command argon:exportUserSecurityReport. This command generates a report and saves the contents to a file.

This report contains information on each user, such as:

  • Name, first and last name
  • Whether user has "bypass security" permission (in which case all permission checks are ignored)
  • Whether user is enabled/disabled
  • Whether authentication is handled internally by the deployment or by an external system (e.g. LDAP)
  • Whether development mode is enabled/disabled
  • Granted roles
  • Granted permissions, on each space
  • Granted permissions, on each application

Example

==============================================================================
USER SECURITY REPORT
==============================================================================
Creation date: 2014-02-21T11:27:10.821Z
Users count: 2
==============================================================================
------------------------------------------------------------------------------
admin
------------------------------------------------------------------------------
** User has 'bypass security' permission, all permission checks are ignored **
Full name: 
Disabled: No
Authentication: Internal
Development mode: No

Roles:
	- Super administrator
	- User

Platform permissions:
	- Access debugging tools
	- Access platform logs remotely
	- Access platform management tools
	- Bypass Security
	- Create and import new applications
	- Manage users and roles

Application permissions:
	- HVP for OPERATIONAL SUPERVISOR (INTRADAY)
		- Access the application
		- Administration
		- Data analysis
		- Data collection
		- Data exploration
		- Data integration
		- Data modeling
		- Data visualization
		- System integration

Space permissions:
	- Space hvp: Access, Admin, Edit
	- Space hvp analysis: Access, Admin, Edit
	- Space hvp constants: Access, Admin, Edit
	- Space hvpClassifier: Access, Admin, Edit
	- Space hvpConfiguration: Access, Admin, Edit
[...]
	- Dashboard PAYMENT SEARCH: Access, Admin, Edit
	- Dashboard PILING UP: Access, Admin, Edit

------------------------------------------------------------------------------
mtaylor
------------------------------------------------------------------------------
Full name: 
Disabled: No
Authentication: Internal
Development mode: No

Roles:
	- User

Platform permissions:
    (none)

Application permissions:
	- HVP for OPERATIONAL SUPERVISOR (INTRADAY)
		- Access the application

Space permissions:
	- Space hvp: Access
	- Space hvp analysis: Access
	- Space hvp constants: Access
	- Space hvpClassifier: Access
	- Space hvpConfiguration: Access
	- Dashboard ABOVE PROFILE: Access, Edit
	- Dashboard ALL DASHBOARDS: Access
	- Dashboard DEADLINE - CURRENT: Access
	- Dashboard DEADLINE - DONE: Access
	- Dashboard HOME: Access, Edit
	- Dashboard LOST & STUCK: (none)
	- Dashboard LOW RATE: (none)
	- Dashboard MINI DASHBOARD: Access, Admin, Edit
	- Dashboard MISSING WORK: (none)
	- Dashboard PAYMENT DETAILS: (none)
	- Dashboard PAYMENT SEARCH: (none)
	- Dashboard PILING UP: (none)

Related Links