5 min read

[box type=”note” align=”” class=”” width=””]The following excerpt is taken from the book Learning Einstein Analytics written by Santosh Chitalkar. This book includes techniques to build effective dashboards and Business Intelligence metrics to gain useful insights from data.[/box]

Before getting into security in Einstein Analytics, it is important to set up your organization, define user types so that it is available to use. In this article we explore key aspects of security in Einstein Analytics.

The following are key points to consider for data security in Salesforce:

  • Salesforce admins can restrict access to data by setting up field-level security and object-level security in Salesforce. These settings prevent data flow from loading sensitive Salesforce data into a dataset.
  • Dataset owners can restrict data access by using row-level security.
  • Analytics supports security predicates, a robust row-level security feature that enables you to model many different types of access control on datasets.
  • Analytics also supports sharing inheritance.

Take a look at the following diagram:

Data security in Salesforce

Salesforce data security

In Einstein Analytics, dataflows bring the data to the Analytics Cloud from Salesforce. It is important that Einstein Analytics has all the necessary permissions and access to objects as well as fields. If an object or a field is not accessible to Einstein then the data flow fails and it cannot extract data from Salesforce. So we need to make sure that the required access is given to the integration user and security user. We can configure the permission set for these users. Let’s configure permissions for an integration user by performing the following steps:

  1. Switch to classic mode and enter Profiles in the Quick Find / Search… box
  2. Select and clone the Analytics Cloud Integration User profile and Analytics Cloud Security User profile for the integration user and security user respectively:
  3. Save the cloned profiles and then edit them
  4. Set the permission to Read for all objects and fields
  5. Save the profile and assign it to users

Take a look at the following diagram:

Salesforce data security

Data pulled from Salesforce can be made secure from both sides: Salesforce as well as Einstein Analytics. It is important to understand that Salesforce and Einstein Analytics are two independent databases. So, a user security setting given to Einstein will not affect the data in Salesforce. There are the following ways to secure data pulled from Salesforce:

Salesforce Security Einstein Analytics Security
Roles and profiles Inheritance security
Organization-Wide Defaults (OWD) and record ownership Security predicates
Sharing rules Application-level security

Sharing mechanism in Einstein

All Analytics users start off with Viewer access to the default Shared App that’s available out-of-the-box; administrators can change this default setting to restrict or extend access. All other applications created by individual users are private, by default; the application owner and administrators have Manager access and can extend access to other Users, groups, or roles. The following diagram shows how the sharing mechanism works in Einstein Analytics:

Sharing Mechanism in Einstein

Here’s a summary of what users can do with Viewer, Editor, and Manager access:

Action / Access level Viewer Editor Manager
View dashboards, lenses, and datasets in the application. If the underlying dataset is in a different application than a lens or dashboard, the user must have access to both applications to view the lens or dashboard. Yes Yes Yes
See who has access to the application. Yes Yes Yes
Save contents of the application to another application that the user has Editor or Manager access to. Yes Yes Yes
Save changes to existing dashboards, lenses, and datasets in the application (saving dashboards requires the appropriate permission set license and permission). Yes Yes
Change the application’s sharing settings. Yes
Rename the application. Yes
Delete the application. Yes

Confidentiality, integrity, and availability together are referred to as the CIA Triad and it is designed to help organizations decide what security policies to implement within the organization. Salesforce knows that keeping information private and restricting access by unauthorized users is essential for business. By sharing the application, we can share a lens, dashboard, and dataset all together with one click. To share the entire application, do the following:

  1. Go to your Einstein Analytics and then to Analytics Studio
  2. Click on the APPS tab and then the icon for your application that you want to share, as shown in the following screenshot:

Analytics Studio

3. Click on Share and it will open a new popup window, as shown in the following screenshot:

Sales App

Using this window, you can share the application with an individual user, a group of users, or a particular role.

  1. You can define the access level as Viewer, Editor, or Manager
  2. After selecting User, click on the user you wish to add and click on Add
  3. Save and then close the popup

And that’s it. It’s done.

Mass-sharing the application

Sometimes, we are required to share the application with a wide audience:

  1. There are multiple approaches to mass-sharing the Wave application such as by role or by username
  2. In Salesforce classic UI, navigate to Setup|Public Groups | New
  3. For example, to share a sales application, label a public group as Analytics_Sales_Group
  4. Search and add users to a group by Role, Roles and Subordinates, or by Users (username):

Public groups5. Search for the Analytics_Sales public group

6. Add the Viewer option as shown in the following screenshot:

7. Click on Save

Protecting data from breaches, theft, or from any unauthorized user is very important. And we saw that Einstein Analytics provides the necessary tools to ensure the data is secure.

If you found this excerpt useful and want to know more about securing your analytics in Einstein, make sure to check out this book Learning Einstein Analytics.

Learning Einstein Analytics


Data Science Enthusiast. A massive science fiction and Manchester United fan. Loves to read, write and listen to music.


Please enter your comment!
Please enter your name here