Creating and Mapping New KTA Groups to KAFTA Dashboard Users
Issue
How can KAFTA be configured to show views that only a subset of users should have access to?
Solution
KAFTA's role assignment is based on the execution of KTA's two stored procedures: IsUserInsightUser and IsUserInsightAdmin. Both of these are shown in Insight | Roles | KTA user and KTA Admin roles under the External DB Mapping button. These stored procedures cannot be applied to new KTA groups that need access to views not accessible to the broader audience.
If you have KTA users in specific groups that need access to reports (views) in KAFTA but do not want to grant those views to the default KTA Admins or KTA Users roles in Insight, follow these steps in a non-production environment first:
- Create your group in KTA if not already done and add in KTA users.
- In Insight's Admin application, create a new Role under the Roles tree.
- Configure all permissions as needed. Remember - when granting views (from View Rights tab), be sure to also grant permissions to the records, metrics, etc. behind those views in the Studio Rights tab.
- From your new role's External DB Mapping tab, add in this query, replacing myKTAGroup with your KTA group name that needs access to the view(s).
SELECT 1 WHERE (select count(*) from (SELECT g.RESOURCE_NAME FROM AW_LOGGEDON_USER AS lu
INNER JOIN GROUP_MEMBERS AS gmd ON gmd.MEMBER_RESOURCE_ID=lu.RESOURCE_ID
INNER JOIN AW_RESOURCE AS g ON gmd.GROUP_RESOURCE_ID=g.RESOURCE_ID
WHERE RESOURCE_NAME='myKTAGroup'
and lu.SESSION_ID=CONVERT(binary(16),'<session_id>',2)
) rolemapper )>0
5. Make sure the TotalAgility database is selected from the Source drop-down and Database: drop-down is set to Any. The query above will run against this database and locate the currently logged in user (when that user clicks the KAFTA link from their workspace) to determine Insight role assignment.
6. Save the role.
7. Modify the KAFTA home dashboard by adding a link to the view in Studio. This link is permissions-driven so if a user doesn't have access to the view associated with the link (i.e. the user does not get assigned this new role), this link will be disabled.
8. Save the KAFTA view.
9. Test. Once confirmed to work as expected, you can apply these changes into production.
Level of Complexity
High
Applies to
Product | Version | Build | Environment | Hardware |
---|---|---|---|---|
KAFTA Insight |
1.x 6.x |
References
Article # 3037504