Data Separation

In most cases, the SC Navigator applications can run off a single database. This means that all data (configurations, datasets, and scenarios) is shared by all the user on the platform. However, in a number of situations the data should not be shared among various user groups, for instance:

  • The SC Navigator platform is used by multiple different business units of one company, where the data must be separated between the business units.
  • The SC Navigator platform is used to run studies for multiple different companies.

In those cases, the SC Navigator platform needs to be setup so that the data of various users group is separated, and this part of the documentation provide instructions on how to set that up.

There are situations where you might think that you should separate the data, while in fact you should not:

  • There are different projects that need to be managed.
  • There are different application that needs to be used.
  • There are different business problems to be solved.

In these cases you should not separate the data, because you want to be able to share the data between the various users. In these cases it is better to use the domain functionality or naming conventions to separate data between users and applications, but still keep the data in one database schema so that it can be shared with other users and applications.

Note

Once you have setup data separation, you cannot exchange data between the various groups anymore.

Setup Platform

By default, the SC Navigator platform does not separate the data in multiple databases. If you want to activate this functionality, you will need to create a user group with exactly this name Business Unit - Admin in the SC Navigator environment. This tells the SC Navigator applications that there will be multiple “Business Units”. See User Management in the AIMMS Cloud documentation for instructions. Once this group is created, add the users that should be able to manage the creation and deletion of Business Units.

Warning

Users added to this group have access to the data of all Business units, so make sure that only the right users are added to this group.

Setup User Groups

Once you have created the Business Unit - Admin, you also need to create users and user groups, again see User Management in the AIMMS Cloud documentation for instructions. These users and user groups determine which database schema will be used for any given user.

There are a few different ways to design this, based on your needs.

  1. External authorization: The first way is through external authorization, either Active Directory or SAML. In that case, you will need to setup an environment that is linked to Active Directory or SAML, and create user groups that matches the groups in either Active Directory or SAML. After that Active Directory or SAML will take care of the rest.
  2. Local user management: In that case, you need to setup an environment, just like in the previous option, but this is not connected to any external authorization tool. Once you have created that environment, you need to create a user group, and add the users that belong to this business unit to that group. You will also need to add one or more users to the Admin group in that environment. The users in the Admin group have the ability to add and remove users from this environment. This allows for user management inside the business unit.
  3. Global user management: In that case, you don’t need to setup an environment, you only need to create a user group, and add the users that belong to this business unit to that group. You don’t give any users admin rights, because of they have admin rights, they can also add themselves to Business Unit - Admin group created above, and have access to the data of all the business units.

Setup Database

The data is still in one database, but the SC Navigator platform will use different schemas for different business units. SC Navigator will generate the schema, based on the name you provide in the next steps. However, we recommend that you create a different user name and password, in the MySQL database, for each of business units. This user name should only have access to that particular schema, so that even knowing the name of another schema is not enough to get access. You can either do that directly into the MySQL Database or you can do this as part of the next step.

The last step is to setup the Business Unit, see here Business Unit Management for instructions.