Group Authorization

You can configure the server software to support group authorization. A separate instance of the service/daemon is run for each authorized group of users.

Configuring Group Authorization

  1. Create a server instance for each group. For more information about creating server instances, see Configuring Multiple Instances.
  2. Create the groups in IBM® SPSS® Collaboration and Deployment Services and assign users to the groups.
  3. Open the administration application and update the value of Group Authorization Service URL to the URL for IBM SPSS Collaboration and Deployment Services. Be sure to include the port number (for example, http://myserver.mydomain.com:9080).

Controlling DSN access by Group

Multi-factor authentication (MFA) requires that users can be restricted in the set of ODBC data source names (DSNs) that they are allowed to access according to their group membership.

  1. Open the administration application and set Restrict Database Access to Yes.
  2. In the Permitted Database Sources field, enter a list of semicolon (;) separated DSNs that are permitted for access (for example, Fraud - Analytic;Fraud - Operational).

When this restriction is enabled, it has the following results:

  • When a user browses for data sources in the Database Wizard, instead of being presented with all the DSNs defined on the server system, the user will only see the subset of DSNs that is defined by the administration application. Note that the path may contain DSNs that are not defined on the server. Thesee are ignored, and the user will not see those names.
  • If a user modifies GET DATA /TYPE=ODBC syntax that specifies a DSN that is not specified by the administration application, the syntax will not run and the user will be presented with an error similar to Access denied to data source: <X>.