Security is an important aspect of every software. This document explains the important security features provided by Bold BI Software to customers, such as authentication, authorization, data security, network security, and more.
Authentication verifies the user’s identity. To access and manage resources such as dashboards and data sources, users must be registered users of the Bold BI Server. The Bold BI server can use local authentication or external authentication methods to validate user authenticity.
In local authentication, the Bold BI server validates user authentication by comparing the provided credentials with the details stored in the Bold BI database.
The Bold BI server can be configured to use external authentication methods such as LDAP, Azure ADFS, OpenID, and OAuth.
The Bold BI server can be configured to use LDAP for user authentication. Users are authenticated by submitting their credentials to the Bold BI server, which then attempts to bind to the LDAP instance using the user credentials. If the bind is successful and the credentials are valid, the server grants the user a session.
The Bold BI server can be configured to use Azure Active Directory for importing users into the Bold BI server and validating their authentication. Users will be logged into the Bold BI server after validation and authentication by Microsoft, using their credentials.
OpenID connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to log in to the Bold BI application after logging into their identity provider. You should configure the OpenID connect with the Bold BI application to use it with the Bold BI Server.
Bold BI supports the OAuth 2.0 authorization code workflow for authorizing third-party application users to log into the Bold BI application. It allows clients to log in to the Bold BI application after logging into their identity provider. You should configure OAuth 2.0 in the Bold BI application to use OAuth connect with the Bold BI server.
Authorization refers to the resources, such as dashboards or data sources, that users can access on the Bold BI server after their authentication has been verified. Authorization includes:
Bold BI provides a comprehensive range of features for protecting your data and dashboards from unauthorized access. Our platform enables you to control user access to both dashboards and data sources, offering various permission levels to manage data access.
| Within the tenant | Between the tenants |
|---|---|
| Bold BI server provides a flexible permission system. Using this, you can control access to the dashboard and data source. | Every tenant user can only log in to their tenant and access the resource. Each tenant has been deployed with its database and resource, which ensures that one tenant's data is not shared with other tenants. Also, users belonging to one tenant can only see the users who belong to the same tenant and share a dashboard with that tenant's users. Users must have permission to view and access the dashboard and resources created by another user on the same tenant. |
In BoldBI, you can control users based on their permissions. There are read, write, create, and delete permissions that can be assigned to users and groups. Without the read permission, no user can see your dashboards.
Object Level Security allows administrators to control access to different dashboards within the BoldBI server for various users and groups. This includes the ability to share dashboards at both the individual user and group levels, with options to manage access rights for all users and define whether users can edit the dashboard.
Note: For more information on how to share the dashboard with other users, please refer to the link.
In BoldBI, you can control users based on their permissions for data sources connected to live databases. There are read, write, create, and delete permissions that can be assigned to users and groups. Without the read permission, no user can see your data sources.
Data Level Security enables the enforcement of different levels of data visibility. By sharing a single dashboard with multiple users, each user can access only the data relevant to their specific requirements. This approach not only reduces development efforts but also enhances security measures.
Note: Row Level security grants the user and group permissions to show only specific rows in the data. For more information, please refer to the link.
Every Bold BI product installation will generate unique private keys on the customer’s machine. These private keys will be used to encrypt and store sensitive data, such as passwords and database details. The Bold BI server utilizes the following encryption methods to protect secure information, including user passwords and database details.
Rijndael Encryption (256 bits)RSA Cryptography (1024 bits)AES Cryptography (128 bits)Bold BI server provides the following network security.
By default, the Bold BI server is configured with the HTTP protocol. You should change the protocol to HTTPS by configuring SSL in the Bold BI server. We recommend configuring the Bold BI server for HTTPS for all communications. When Bold BI is configured for SSL, all content and communications between clients are encrypted using SSL, and the HTTPS protocol is used for requests and responses.
The Bold BI server makes internal API calls to access resources in web and mobile apps. The Bold BI server will accept all connections that use Transport Layer Security (TLS 1/1.1/1.2) encryption, but we recommend mandatory use of TLS 1.2 in the Bold BI installed server.
The Bold BI server can be connected to the database without SSL, but all database connections that support SSL offer encrypted data transfer. We recommend enabling the SSL connection to your database while configuring the Bold BI server.
We will regularly perform penetration testing to identify potential security issues and fix them. We perform this testing on the Bold BI Software for at least every release update.
Bold BI server will generate log files when user interacts with the Bold BI application or an exception occurs.
These logs will only include the events performed, errors occurred, and other operational logs, and will never collect any confidential information such as user passwords and database details. Our support team will request these logs to check the customer reported issue and provide a solution.
Bold BI Software includes various open-source components, which are licensed under the terms of applicable open-source license agreements. Our legal team will verify and approve the use of such components in Bold BI software, and the usages are revisited and reviewed before every release.