Data Separation

In most cases, the SC Navigator applications can run off a single database. This means that all data (configurations, datasets, and scenarios) is shared by all users on the platform. However, in a number of situations the data should not be shared among various user groups, for instance:

  • The SC Navigator platform is used by multiple different business units of one company, where the data must be separated between the business units.
  • The SC Navigator platform is used to run studies for multiple different companies.

In those cases, the SC Navigator platform needs to be set up so that the data of the various user groups is separated, and this part of the documentation provides instructions on how to set that up.

There are situations where you might think that you should separate the data, while in fact you should not:

  • There are different projects that need to be managed.
  • There are different applications that need to be used.
  • There are different business problems to be solved.

In these cases you should not separate the data, because you want to be able to share the data between the various users. In these cases it is better to use the domain functionality or naming conventions to separate data between users and applications, but still keep the data in one database schema so that it can be shared with other users and applications.

Note

Once you have set up data separation, you cannot exchange data between the various groups anymore.

Setup Platform

By default, the SC Navigator platform does not separate the data into multiple databases. If you want to activate this functionality, you will need to create a user group with exactly the name Business Unit - Admin in the SC Navigator environment. This tells the SC Navigator applications that there will be multiple “Business Units”. See User Management in the AIMMS Cloud documentation for instructions. Once this group is created, add the users that should be able to manage the creation and deletion of Business Units.

Warning

Users added to this group have access to the data of all Business Units, so make sure that only the right users are added to this group.

Setup User Groups

Once you have created the Business Unit - Admin group, you also need to create users and user groups; again, see User Management in the AIMMS Cloud documentation for instructions. These users and user groups determine which database schema will be used for any given user.

There are a few different ways to design this, based on your needs.

  1. External authorization: The first way is through external authorization, either Active Directory or SAML. In that case, you will need to set up an environment that is linked to Active Directory or SAML, and create user groups that match the groups in either Active Directory or SAML. After that, Active Directory or SAML will take care of the rest.
  2. Local user management: In that case, you need to set up an environment, just like in the previous option, but this is not connected to any external authorization tool. Once you have created that environment, you need to create a user group, and add the users that belong to this business unit to that group. You will also need to add one or more users to the Admin group in that environment. The users in the Admin group have the ability to add and remove users from this environment. This allows for user management inside the business unit.
  3. Global user management: In that case, you don’t need to set up an environment; you only need to create a user group, and add the users that belong to this business unit to that group. You don’t give any users admin rights, because if they have admin rights, they can also add themselves to the Business Unit - Admin group created above, and have access to the data of all the business units.

Setup Database

The data is still in one database, but the SC Navigator platform will use different schemas for different business units. SC Navigator will generate the schema, based on the name you provide in the next steps. However, we recommend that you create a different user name and password in the MySQL database for each of the business units. This user should only have access to that particular schema, so that even knowing the name of another schema is not enough to get access. You can either do that directly in the MySQL database or you can do this as part of the next step.
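
As an added example (not part of the SC Navigator documentation), the per-business-unit account recommended above could be created and checked directly in MySQL as follows. The schema and account names are constructed, and the privilege set SC Navigator needs inside its schema is an assumption; adjust both to your installation.

```sql
-- Constructed names: schema "bunorth", account "bunorth_app". Replace with your own.
-- In a database-level GRANT, "_" and "%" in the schema name act as wildcards by
-- default, so a name like bu_north must be written `bu\_north` to match only
-- that schema and not, for example, a schema named buXnorth.

-- One account per business unit, with its own generated password.
-- '%' allows any client host; narrow it if the application host is known.
CREATE USER 'bunorth_app'@'%' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- Assumption: SC Navigator needs full rights inside its own schema because it
-- generates the schema itself. No global (*.*) privileges are granted.
GRANT ALL PRIVILEGES ON `bunorth`.* TO 'bunorth_app'@'%';

-- Check 1: the account should show only USAGE on *.* plus the one schema grant.
SHOW GRANTS FOR 'bunorth_app'@'%';

-- Check 2 (run as a database administrator): accounts with schema-level
-- privileges on more than one schema. Business unit accounts should not appear.
SELECT GRANTEE,
       GROUP_CONCAT(DISTINCT TABLE_SCHEMA ORDER BY TABLE_SCHEMA) AS schemas
FROM information_schema.SCHEMA_PRIVILEGES
GROUP BY GRANTEE
HAVING COUNT(DISTINCT TABLE_SCHEMA) > 1;

-- Check 3: accounts holding global privileges, which apply to every schema.
-- Only database administration accounts should be listed here.
SELECT GRANTEE,
       GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE) AS global_privileges
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE <> 'USAGE'
GROUP BY GRANTEE;
```

If the account is created this way, leave “Generate DB User” unchecked when storing the settings in the next step.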

Setup Business Units

Once the user group Business Unit - Admin is created, the page “Settings > Business Unit Management” becomes available in Data Navigator, for the users in this group. If you open this page, you will see a list of all user groups that you created under Setup User Groups.

[Image: schema_1.png]

If you have not set up anything, it will list only the groups, but the schema and user name are blank. The passwords are not shown in this table for security reasons, because they should not be shown on the screen for a long time.

You can save the settings for any user group by entering the schema name, user name and password in this part of the screen:

[Image: schema_2.png]

Here you can also indicate if this user needs to be generated in the database, by checking “Generate DB User”. You should only do this if the user has not been created yet.

Once you fill this in, you need to click on the Store DB Settings button. This will save the results in the AIMMS PRO Cloud storage, and any users in this group will use that schema. It will also show the schema and user name in the list mentioned above.

This page is also where you, as admin, can switch to the schema of a different group. This can help in case you need to support a specific business unit. For admins, the name of the schema is shown in the status bar. If you have not switched to any other environment, it will use the default schema.

The table at the bottom of this page contains information on which users are part of which user groups:

[Image: schema_3.png]

Initially, it only shows the customer-defined user groups, together with the admin group. The widget action in this table can be used to switch between all groups and the customer-defined groups.

The main purpose of this table is to see that your user groups are correctly defined, including the Business Unit - Admin group. You want to prevent users from getting access to the wrong data because they are in the wrong group.