1. API reference
  2. Welcome
    1. Component overview
    2. Quick start
    3. System requirements
    4. Troubleshooting
    5. Managing license keys
  3. Connecting to Data Source
    1. JSON
      1. Connecting to JSON
      2. Data types in JSON
    2. CSV
      1. Connecting to CSV
      2. Connecting to CSV using Compressor
      3. Data types in CSV
    3. Database
      1. Connecting to SQL databases
      2. Connecting to other databases
      3. Connecting to database with Node.js
      4. Connecting to database with .NET
      5. Connecting to database with .NET Core
      6. Connecting to database with Java
      7. Connecting to database with PHP
    4. Microsoft Analysis Services
      1. Connecting to Microsoft Analysis Services
      2. Getting started with Accelerator
      3. Installing Accelerator as a Windows Service
      4. Referring Accelerator as a DLL
      5. Configuring authentication process
      6. Configuring secure HTTPS connection
      7. Troubleshooting
    5. Pentaho Mondrian
      1. Connecting to Pentaho Mondrian
      2. Getting started with Accelerator
      3. Configuring Mondrian roles
      4. Сonfiguring username/password protection
      5. Сonfiguring secure HTTPS connection
      6. Troubleshooting
    6. icCube
  4. Security
    1. Accelerator security
    2. Data Compressor Security
  5. Configuring report
    1. What is a report
    2. Data source
    3. Slice
    4. Options
    5. Number formatting
    6. Conditional formatting
    7. Set report to the component
    8. Get report from the component
    9. Date and time formatting
    10. Configuring global options
    11. Export and print
    12. Calculated values
    13. Custom sorting
  6. Integration with frameworks
    1. Available tutorials
    2. Integration with AngularJS (v1.x)
    3. Integration with Angular
    4. Integration with React
    5. Integration with Webpack
    6. Integration with ASP.NET
    7. Integration with jQuery
    8. Integration with JSP
    9. Integration with TypeScript
    10. Integration with RequireJS
    11. Integration with PhoneGap
  7. Integration with charts
    1. Integration with Highcharts
    2. Integration with Google Charts
    3. Integration with FusionCharts
    4. Integration with any charting library
  8. Customizing
    1. Customizing toolbar
    2. Customizing appearance
    3. Customizing context menu
    4. Localizing component
  9. Updating to the latest version
    1. Updating to the latest version
    2. Release notes
    3. Migration guide from 2.5 to 2.6
    4. Migration guide from 2.4 to 2.5
    5. Migration guide from 2.3 to 2.4
    6. Migration guide from 2.2 to 2.3
    7. Documentation for older versions
Table of contents

Accelerator security

Protection of the sensitive data is a top priority for our company. This tutorial covers all security aspects of using Flexmonster Accelerator to connect to SSAS cubes. Follow the sections:

  1. Data transferring process
  2. Data transferring security
  3. Protecting the OLAP cube
  4. Data security at the client-side
  5. HTTPS configuration
  6. Data access management
  7. Additional benefits when referring the Accelerator as a DLL

1. Data transferring process

One of the most popular questions we get is how the data from the OLAP cube can be transferred to Flexmonster Pivot. Flexmonster Accelerator serves as an additional server-side layer that helps to restrict access to the database from outside completely. When connecting to the data source inside the pivot table, the URL to the Accelerator is specified instead of the SSAS server URL. Flexmonster sends the requests to the Accelerator. Then Flexmonster Accelerator communicates with the SSAS server and gets the necessary data. This data is sent back to the client-side from the Accelerator. The flowchart below describes the process:


2. Data transferring security

To ensure the data security at the server-side, the Accelerator doesn’t accept requests from any other web applications, only from Flexmonster. Is it not possible to send HTTP request directly to Flexmonster Accelerator without using Flexmonster Pivot. Also, the Accelerator doesn’t accept response/request that was changed during the communication process. Each response/request contains a checksum for the package to ensure that it was not changed.

The only requirement is a necessity to open additional port on the server for the Accelerator. However, this is not a specific requirement for our component but a strong restriction imposed by the browser’s security. It is absolutely necessary to use CORS and extra port and there is no workaround. Otherwise, the clients’ browser will not allow communicating with the server.

3. Protecting the OLAP cube

As long as only the Accelerator needs to communicate with the client-side, it is recommended to restrict any external access to the OLAP cube. In this case, the access to the cube is available exclusively on the local server. This method increases security and protects against external threats:

  • password cracking
  • unauthorized access to the OLAP cube
  • data theft

In the case when the SSAS server and the Accelerator are located on different servers, it is necessary to open the port on the SSAS server for the Accelerator.

4. Data security at the client-side

To ensure the data security at the client-side, it’s not possible to read the data from the server without Flexmonster Pivot. Each response/request contains a checksum for the package. If this checksum is invalid, an error message is shown instead of the data.

5. HTTPS configuration

As much as the connection between the Accelerator and Flexmonster Pivot is secured, using of HTTP protocol poses a treat because it does not encrypt the data. HTTPS protocol encrypts the data and protects it from the interception. Flexmonster Accelerator supports HTTPS, for more details refer to the configuration tutorial.

6. Data access management

Often it is necessary to limit the access to the data based on a certain user role. Flexmonster provides several options to manage data access levels. Here are the security models available:

7. Additional benefits when referring the Accelerator as a DLL

One of the installation options for the Accelerator is integrating it into the back-end as a separate ASP.NET controller. This eliminates the necessity to configure firewall settings and simplifies the updating process. Referring the Accelerator as a DLL also allows using your custom authorization system. Such possibility is used to manage security in any desired way. For more instructions refer to the custom authorization tutorial.