There are potentially additional issues here, where the security of data within aggregated views will need to be considered when developing BIA Content, as this is a key concern. As a basic principle the assumption is that where data has been aggregated; so that individual details can no longer be discerned, then it is acceptable to ignore security based on the underlying data. In switching to views where the underlying data is accessible, then the security must be enforced.
To this end we are recommending two approaches for constructing reports:
- Where the data will only be presented in the aggregate and anywhere that underlying data is accessible only through the BIA Application, the report should query the databases (both on-line and the data warehouse) directly.
- Where the data will be presented in a way that exposes the underlying data, or where very specific data security requirements exist, the report should make EJB calls to facades in the BIA Application to retrieve the data.