Protection and Application of User Logon Data


The given user rights regulate the access to cell data as well as to selected system operations. Jedox stores level 1 and 2 rights objects and users and their passwords in the Jedox OLAP Database system.  For information on regulating user access to Jedox data, see Administration of User Rights. To create a special Jedox administrator account with special/limited access rights, see Admin User Accounts.

Requests for a Jedox database can only be made with a valid logon. These logons must be adequately protected with passwords. The Jedox databases are special CSV files in the directory …\olap\data. To avoid unwanted access to these files, this directory should be protected using the existing security options of the operating system and additional encryption algorithms.

By default the password for the admin user, as well for other users, is stored within the System database in system cube #_USER_USER_PROPERTIES in clear text as a normal string value. Cube #_USER_USER_PROPERTIES corresponds to file database_CUBE_0.csv. Everyone who has read/write access to these files can see/change the content.Therefore, it is necessary to protect this system database accordingly. 

Currently, Jedox users are not automatically prompted to change their password.  

Note for Jedox Web users: in the Jedox Web connection dialog, the “Use login credentials” checkbox must be marked in order to consider the assigned rights. Otherwise, the rights of the user name entered for the connection would be considered. Access rights can be defined for connections in a similar way as other objects, via the “Security” dialog of a connection. For example, a connection that statically uses a user with high-level access (e.g. for usage in Jedox Integrator) can be set to be inaccessible to lower-level user groups.

Unprotected connections can be used by any given Jedox user, such as in OLAP-related dialogs (e.g. Paste View).