by Randall Groncki
Common language and terms surrounding Insights is a problem. This post is an attempt to standardize terms for clearer, quicker communication.
Why?
During a recent conference call, we had a Babel of terms about PeopleSoft and Insights objects. There were about 30 people on the call from all over the country kicking off a project to create some very complex Insights Dashboards. Our biggest obstacle was our own words:
- Dashboard
- Chart
- Fields
- Graph
- Widget
- Tile
- “Thing-a-ma-jig”
- Home Page
- … and worse
We wasted so much time just trying to understand each other because there was no common understanding of terms.
If we can all use a common set of terms, we can understand each other quicker resulting in a better, faster solution.
Agenda
- PeopleSoft Terms
- Insights Terms
- PeopleSoft Navigation Security
- PeopleSoft Row Level Security
- PeopleSoft/Insights Relationship
- Insights Security
Whose Terms?
We’re going to use Oracle / PeopleSoft Terms
- We can take these terms and speak fluently to other groups in our project
- New project members with critical functional/technical experience can quickly integrate and impact the team
- Quicker documentation reference with Oracle and PeopleBooks
Conceptual Idea: Things and Containers
This is a metaphor I’ll use for the rest of this post to help explain PeopleSoft Organization and Security
Think of water. Water is a “Thing”
We need a container to use water.
A water bottle is a “Container”
We can put a container of water in another container – a container of containers.
A pack of water bottles is a “Container of Containers”
This idea is recurring in the PeopleSoft/Insights architecture
PeopleSoft Terms
Page
- A Page is a Thing
- Contains fields and controls
- Where we do our work and see data in PeopleSoft
Component
- A component is a Container
- Contains one or more pages
- Controls data security to the page
Home Page
- A Home Page is a Container
- Contains one or more Tiles
Tile
- A Tile is a Container
- Contains a PeopleSoft Link to Something
- Navigation Collection
- Component
- Another Home Page
- Insights Dashboard
- Something else
Navigation Collection
- A Navigation Collections is a Container of Links
- Insights Dashboards
- Insights Dashboards
- Pivot Grids
- Components
- Other Destinations
- Provides Custom Navigation
Insights Terms
OpenSearch
- OpenSearch is a Search Architecture
- Previously known as ElasticSearch
- Search engine backend for PeopleSoft Search and Insights dashboards
- Separate Architecture from PeopleSoft
- A component of the delivered PeopleSoft application
- Communicate through delivered Oracle APIs
Insights
- Insights is an Analysis Tool
- A Data Visualization Tool built on top of OpenSearch
- Previously known as Kibana
- Tools to build, organize and present data visualizations
Data Set
- A Data Set is defined by a Search Definition
- Contains the actual data for analysis
- Controls Security
- None
- Role
- Document (role level security)
- Data is generated in PeopleSoft (scheduled)
- Then Sent to OpenSearch
- Flattened, indexed data
Visualization
- A visualization is a Thing
- A visualization takes your data and turns it into a picture, like a chart or graph, showing patterns and trends
- Source: Single Dataset
- Examples include
- Pie
- Bar
- Line
- Data Grid
- … and a lot more
Dashboard
- A Dashboard is a Container
- One or more Visualizations
- Lowest object seen by PeopleSoft
- Filters are applied across ALL visualizations on the Dashboard
Navigation Collection & Insights Dashboards
- A Navigation Collection is a Container
- Navigation Collections can contain links to Insights Dashboards
- Navigation Panel on left
- Dashboard on the right
PeopleSoft Security
Navigation Security
- Navigation Security controls where a user can go in the application
- This is “Menu” security
- Applied at every container level object
- Users do not see options they are not granted access
- Users may be granted access to a Home Page, but will only see Tiles they are granted access
- Users may see a Navigation Collection, but only see links to dashboards they have been granted access
Row Level Security
- Controls what individual data items can a specific user access
- A user will not see data which they do not have access
- Row Level Security is different in the different applications
A user needs both
- Navigation and Row Level security are both important
- User needs BOTH to interact with the system
- A user may be granted access to a page (Navigation Security), but may not be able to see any data (Row Level Security)
- A user may be able to see employee data (Row Level Security), but does not have access to a specific page (Navigation Security)
- The user can only see data on a page when they have both security access to that page and security to the data in that page.
PeopleSoft/Insights Relationship
Two separate architectures connected by APIs
Interaction
- An Insights Dashboard is registered as link inside of PeopleSoft
- PeopleSoft Navigation Security determines if a user has access to that link
- The user will not see the link if they don’t have navigation security access
- Authorized user clicks link and opens a window into an Insights Session
- Insights verifies THIS user’s session is a current valid PeopleSoft session (API link)
- You can email the link to a friend without access, but Insights won’t let them in
- PeopleSoft Provides the user’s data access keys to Insights (API link)
- Insights opens the requested dashboard and loads the visualizations with data as per security configuration
- If Row Level Security, Insights compares the user’s Security Keys Vs every document in that dataset to determine if that document is permitted to the user
- Every document (row of data) has a list of security keys granting access to THAT row
- The visualizations builds with only the allowed data rows
Identification
- Insights has no idea WHO the current PeopleSoft user is
- Only data access keys passed by PeopleSoft
- Dashboards (containers) are not controlled by security
- Visualizations (Things) are not controlled by security
- The data displayed IS controlled by security
- It is possible for a user to see a dashboard with empty visualizations because that user does not have row level security access to any data in that data set
Result
If all security levels are satisfied, the user sees the dashboard populated with data
Insights Security
- A Data Set is generated in PeopleSoft and ingested by OpenSearch for use in Insights
- Row Level Security is determined at the time of data generation in PeopleSoft
- Each row of data is called a “Document”
- Each document has a list of access keys granting access to that document
- The data is stored in OpenSearch.
- All data selection, sorting & filtering is done on the OpenSearch Servers
- OpenSearch Architecture is built for search
- This relieves the load from the PeopleSoft Servers
- PeopleSoft Architecture is built for transaction processing (OLTP)
- All data selection, sorting & filtering is done on the OpenSearch Servers
Analytic Functions and Security
- Functions link Min(), Max(), Count(), etc. Only work on the documents allowed through row level security
- A count of the documents returns a count of only the documents that user has access
- The Latest Update Date Time value is the latest date time in that subset of documents the user has access
- Example:
- A Metric showing the latest updated time of the data will show the latest update time of only the documents allowed to that user through security
- If there is a more recent time stamp in a document not granted that user, that user will not see that later value
