Home
Security
Perform tasks to secure your data on the Spectrum Technology Platform2022.1.0.
Using HTTPS
Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication.

Welcome
Perform administrative tasks required to manage the operation of Spectrum Technology Platform on your system.
Getting Started
Configure and run a new installation of Spectrum Technology Platform.
Approval Flows
Define approval flows that data stewards use to review and accept records generated in a job by Exception Monitor.
Security
Perform tasks to secure your data on the Spectrum Technology Platform2022.1.0.
- Security Model
  Spectrum Technology Platform uses a role-based security model to control access to the system.
- Users
  Spectrum Technology Platform user accounts control the types of actions users can perform on the system.
- Roles
  Spectrum Technology Platform comes with these some predefined roles.
- Access Control
  Access control settings work in conjunction with roles to define the permissions for a user. Roles define the permissions for categories of entities, such as all dataflows or all database resources, and access control settings define the permissions for specific entities, called secured entities. Examples of secured entities include specific jobs or specific database connections. For example, you may have a role that has granted the Modify permission to the secured entity type "Dataflows", but you may want to prevent users from modifying one specific dataflow. You could accomplish this by using access control to remove the Modify permission for the specific dataflow you do not want modified. You can specify access control settings for users and roles. Access control settings for a user override that specific user's permissions as granted by the user's roles. Access control settings for roles apply to all users who have that role.
- Security for Spatial
- Limiting Server Directory Access
  You can browse the Spectrum Technology Platform server's folders when performing tasks that require them to select a file. For example, users can browse the server when selecting an input or output file in a source or sink stage in Spectrum Enterprise Designer.
- Using HTTPS
  Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication.
  - Enable HTTPS in Spectrum
    By default the Spectrum Technology Platform server uses HTTP for communication with Spectrum Enterprise Designer, browser applications such as Spectrum Management Console and Metadata Insights, as well as for handling web service requests and API calls.
  - Using WebFolders to Access Spectrum Spatial Repository Resources
    To add or modify a named resource, you can copy it to or from the repository using a WebDAV tool. Using WebFolders is an easy way to access the Spectrum Spatial repository and the resources contained in it.
  - Implementing self-signed certificates
    Spectrum SSL properties offer varying degrees of control of certificate verification through Certificate Authorities (CAs).
- Web Service Authentication
  Spectrum Technology Platform web services require authentication with valid user credentials. There are two methods for authenticating: Basic authentication and authentication by token.
- Using LDAP or Active Directory for Authentication
  Spectrum Technology Platform can be configured to use an LDAP or Active Directory server for authentication.
- Implementing Spectrum Single Sign-on (SSO)
  Spectrum Technology Platform provides single sign-on (SSO), leveraging Active Directory Federation Services (AD FS), Ping Identity, and Azure Identity Provider (IDP).
- Encryption
Data Sources
Configure data sources from which to load and process data in Spectrum Technology Platform2022.1.0.
Spectrum Databases
Manage databases that contain data from trusted data providers. These include databases used by Enterprise Tax, Geocoding, Global Sentry, Universal Addressing, Spatial and Routing.
Services
Access Spectrum Services through a REST or SOAP web service interface.
Flows
Schedule and manage job execution, options, and defaults.
Performance
Perform tasks to get optimal performance from your Spectrum Technology Platform environment.
Monitoring
Monitor system performance and configure notification and use system and audit logs.
Backup and Restore
Schedule or create backups and restore the Spectrum Technology Platform server.
Settings
View and configure Data Stewardship and Context Graph settings.
Administration Utility
Use the Administration Utility Command Line Interface (CLI) to manage Spectrum components and data.
Spectrum properties
Reference information for spectrum-container.properties properties and proxy server settings.
About Spectrum Technology Platform
An overview of Spectrum, its data management architecture, its platform architecture, and its modules and components.

Using HTTPS

Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication.

By default the Spectrum Technology Platform server uses HTTP for communication with Spectrum Enterprise Designer, browser applications such as Spectrum Management Console and Metadata Insights, as well as for handling web service requests and API calls. You can configure Spectrum Technology Platform to use HTTPS if you want to secure these network communications.

This section describes how to configure the Spectrum server to use Secure Socket Layer (SSL). Technically, the term "SSL" now refers to the Transport Layer ouSecurity (TLS) protocol, which is based on the original SSL specification. Before you configure HTTPS on the Spectrum server, you will need to create an RSA public/private key pair, generate a certificate signing request (CSR) that embeds your public key, share your CSR with a Certificate Authority (CA) to receive a final certificate or a certificate chain, and install the final certificate on the Spectrum server.

You can also also use a self-signed certificate, although this is only recommended for test purposes.

If you want to use HTTPS and you are running Spectrum Technology Platform in a cluster, do not follow this procedure. Instead, configure the load balancer to use HTTPS for communication with clients. Communication between the load balancer and the Spectrum Technology Platform nodes, and between the nodes themselves, will be unencrypted because Spectrum Technology Platform clustering does not support HTTPS. The load balancer and the Spectrum Technology Platform servers in the cluster must be behind a firewall to provide a secure environment.