Data Manipulation

jamese shared this question 2 months ago
Answered

Hi,

We have a client wishing to use the "Data Manipulation" access that we currently have restricted.

There is a warning on the access level that states:

Warning: This should only be enabled for trusted developers, as it would allow them run custom scripts


Is there anywhere that goes in to more detail about what this does or allows? What are the potential risks?

We run a multi-client yellowfin so if it could allow them to break the bounds of the organisation they are in then that's going to be a no.

Is there any other potential security risks?

The only documentation I've found related to it is

https://www.yellowfinbi.com/blog/2018/01/have-a-case-of-dirty-data-treat-it-with-a-dose-of-data-transformation

So any additional information would be appreciated

Comments (3)

photo
1

Hi Jamese,

Thanks for reaching out. I'm assuming you're talking about the Data Transformations (as opposed to "Data Manipulation") permission since you linked an article about that towards the end, and since this is one of the few permissions with a warning:

/w+IaZHsB0EK9AAAAABJRU5ErkJggg==

We do have detailed documentation on this on our Wiki. You can read through the linked Wiki entry for more information on this.

I'd say the biggest reason there are warnings related to this is because creating Transformation Flows requires outputting results to a writable data source. If you look at the Output to SQL Database section in the above linked article, you'll find the following:

/+79eTUuKLoO3NeEUAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQuFsCS5boS19ZpqzcXN1X9KjrZzDHhu1qkjl2Y94jgAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCGSWwB9kVnbJLQIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIBAOgJMMqejx7YIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIBAhgkwyZxhBU52EUAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAgXQEmGROR49tEUAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAgQwTYJI5wwqc7CKAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAALpCDDJnI4e2yKAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIZJsAkc4YVONlFAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEE0hFgkjkdPbZFAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEMkyASeYMK3CyiwACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCKQjwCRzOnpsiwACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCGSYwP8D4DuJaWI+kpEAAAAASUVORK5CYII=

Considering it's possible to essentially delete tables and data, great care must be taken when executing these, and thus a great amount of trust in users creating Transformation Flows.

Hopefully this information is helpful. Please let me know if you have any further questions or concerns.

Regards,

Mike

photo
1

Hi Jamese,

I just wanted to check in and see how things are going with this. Did my response appear to give you what you were looking for?

Regards,

Mike

photo
1

Hi Jamese,

I'm going to go ahead and mark this one as Answered since I haven't heard back from you, but if you have further questions or concerns on this, if you respond, it will re-open the case and put it back in my queue and I'll be happy to help.

Regards,

Mike