Using Windows Impersonation

Modified on Thu, 27 Mar 2014 12:22 PM by Steve C. — Categorized as: Configuration, Level-Advanced

Click to return to: Documentation | Installing and Administering Dundas Dashboard


Overview

By default, when Dundas Dashboard queries for data through a data connector, it does so using the Windows credentials of the user (account) that is running IIS. But often, this user may not have sufficient privileges to access your databases, which results in permission errors when performing operations such as previewing a data structure using the data connector.

The above problem can be resolved by using the Connect As option at the data connector stage, which allows you to hardcode the Windows credentials (⪚ your own) to use in place of the IIS account.

There is also another option available called Windows Impersonation. If this option is enabled, queries for data will be executed using the Windows credentials of the person who is using Dundas Dashboard on the client computer. The primary purpose of Windows Impersonation is to allow you to set up your virtual tables, KPIs and dashboards so that your end-users see only the data that is applicable to them when viewing a dashboard.

Note: Connect As settings take precedence over Windows Impersonation (⪚ Connect As credentials, if present, will always be used in place of the end-user's Windows credentials when accessing data).

Enabling Windows Impersonation

The Windows Impersonation option is controlled via a key in the Dundas Dashboard Configuration File.

To turn on Windows Impersonation:

  1. Locate the UseWindowsImpersonation key in the Dundas Dashboard Configuration File. Make sure the key is not commented out and set its value to True.
  2. Restart the Dundas Dashboard website.



Tip: Windows Impersonation is typically used in conjunction with Windows Authentication, which is controlled via another configuration file key, authenticationMode. See this article for more details: Using Windows Authentication to Access Dundas Dashboard.

Usage

Example: SQL Server view

In this scenario, you have a SQL Server database table containing records for all users. The table has an Employee column where the values are Windows user names prefixed with their Windows domain name.

The SalaryData table.

The SalaryData table.


Additionally, there is a database view that filters the records based on the value returned by the SYSTEM_USER function in SQL. If a user is logged into SQL Server via Windows Authentication, this function returns the Windows login identification name with the format: DOMAIN\user_login_name.

A database view that filters records based on SYSTEM_USER.

A database view that filters records based on SYSTEM_USER.


To access the filtered data from Dundas Dashboard, follow these steps:

  1. Make sure Windows Impersonation is turned on via the configuration file as shown in the previous section.
  2. Create a new data connector for your SQL Server database without using the Connect As option but with Windows Integrated security.
  3. Create a new virtual table based on the database view.
  4. Preview the virtual table and verify that it returns records filtered according to your Windows identity.

You can now design KPIs and dashboards based on this virtual table which returns data filtered according to the Windows user.

Notes

Important notes to consider when Windows Impersonation is enabled in Dundas Dashboard:


Limitations

There are limitations to be aware of when using Windows Impersonation in Dundas Dashboard:


Additionally, various functionality in Dundas Dashboard involving scheduling or unattended operation will not work when Windows Impersonation is in effect (because there is no Dundas Dashboard user to impersonate):


Note: In Dundas Dashboard 5.0.2 Revision 2 or later, existing link-only scheduled reports will be delivered even when Windows Impersonation is enabled.

Related topics


Click to return to: Documentation | Installing and Administering Dundas Dashboard