Anonymize Reports in Dimension
To replace user names, IP addresses, host names, and mobile device names that appear in reports and dashboards with anonymized placeholder text, you can enable Anonymized Mode in your Dimension server settings. When users log in to Dimension while Anonymized Mode is enabled, log messages and detail reports are not available. Instead, users only see a restricted view of the pages that their assigned user roles allow them to see. This applies to all users, even users with Super Administrator privileges.
Anonymized placeholder text uses a standard pattern for each data type, is randomly generated, and is different for each user session. Placeholder text includes a randomly generated sequence of letters and numbers, and begins with these prefixes:
- USER
- DEVICE
- HOST
- IP-ADDRESS
When Anonymized Mode is enabled, a user with the Anonymization Officer role can log in to Dimension as a secondary user for a current user session and temporarily disable Anonymized Mode for only that session. When Anonymized Mode is temporarily disabled, the current user can see the data that was anonymized. When the current user logs out and logs in again, Anonymized Mode is enabled again.
After you enable Anonymized Mode and save your settings, make sure to add a user account with Anonymization Officer privileges.
Enable Anonymized Mode
When you enable and configure the settings for Anonymized Mode, you can optionally specify the title and text of the message the Anonymization Officer sees in the login dialog box. Dimension already includes explanatory text for the login dialog box, but you can replace this text with a different message, or add instructions to the current text to provide more information to your Anonymization Officer or to meet the requirements of your company.
To enable Anonymized Mode:
- Select > Administration > Administration > Server Management.
The Server Management pages open with the Status tab selected. - Select the Configuration tab.
The Configuration pages open with the General tab selected. - Select the Visibility tab.
- To unlock the configuration so you can make changes, click .
For more information about how to unlock and lock the Dimension configuration, go to Lock and Unlock the Dimension Configuration. - Select the Enable Anonymized Mode check box.
The Message Title and Message Text text boxes are enabled. - (Optional) In the Message Title text box, type a new title for the login dialog box.
- (Optional) In the Message Text text box, type the new message text to include in the login dialog box.
You can keep the current text and add your own text to it, or you can replace the text with your own message.
After you enable Anonymized Mode, when you log out and log in again, your user session is in Anonymized Mode and appears in the Dimension top navigation bar.
Anonymized Mode is enabled for all future user sessions.
When Dimension is in Anonymized Mode, users see a restricted view of the content that their user credentials allow them to see. For example, if a user with only the View All Logs role logs in while Anonymized Mode is enabled, that user will see the Devices and Groups tabs (but will not be able to select a device or group to see more information), and a message that the content the user has privileges to view is not available in Anonymized Mode. When the Anonymization Officer logs in during the session of the user with the View All Logs role to temporarily disable Anonymized Mode, the View All Logs user will be able to select a device or group and review the log messages.
Add an Anonymization Officer User Account
Before you can temporarily disable Anonymized Mode so you can see the data that has been anonymized, you must add a user account with the Anonymization Officer role.
You can only add an Anonymization Officer user account after you have enabled Anonymized Mode.
You can add a new user account with the Anonymization Officer role, or apply the Anonymization Officer role to a local user account that already exists in the Manage Users and Groups list. You can assign the Anonymization Officer role to a user account with only that role, or to a user account that is also assigned other roles. You can also enable the Anonymization Officer to temporarily disable Anonymized Mode for all devices, or only for certain devices. By default, the Super Administrator role also has Anonymization Officer privileges.
To add a new user account with the Anonymization Officer role:
- Select > Administration > Administration > Access Management.
The Access Management page opens, with the Users & Groups page selected. - To unlock the configuration so you can make changes, click .
For more information about how to unlock and lock the Dimension configuration, go to Lock and Unlock the Dimension Configuration. - Click Add.
The Add User or Group dialog box opens. - From the Type drop-down list, select Local User.
- In the Name text box, type the name for the Anonymization Officer user account.
- In the Password and Confirm Password text boxes, type the password to assign to the Anonymization Officer user account.
- Adjacent to Role(s) list, click and select Anonymization Officer.
- From the Devices drop-down list, select an option:
- All devices
- Specify devices — Click and select the devices.
- Click Save.
The new user appears in the Manage Users and Groups list.
For more information about how to add a user account, go to Manage Users and Groups.
Content Restrictions in Anonymized Mode
In Anonymized Mode, only these Dashboard pages are available:
- Executive Dashboard
- Security Dashboard
- Subscription Services
- ThreatMap
- FireWatch
- AP Devices
- Mobile Devices
Here are a few examples of how anonymized data appears in some of the Dashboard pages when Dimension is in Anonymized Mode.
You can also only view Summary reports when Anonymized Mode is enabled. Client reports and Detail reports are not available, and the View Details links are removed from Summary reports.
Other pages with anonymized content that are available in Anonymized Mode include:
- Tools > Device Summary
- Home > Devices
- Home > Groups
- Home > VPNs
The Home > Servers page is not available in Anonymized Mode.
In Anonymized Mode, Server reports, Compliance reports, and Detail reports cannot be included in a report schedule. Before these reports can be scheduled, Anonymized Mode must be disabled in the Visibility settings; they cannot be included in a schedule when the Anonymization Officer logs in to temporarily disable Anonymized Mode. If you have included these reports in a schedule before Anonymized Mode is enabled in the Visibility settings, when Anonymized Mode is enabled, these reports are not included in the scheduled report output.
Temporarily Disable Anonymized Mode
To temporarily disable Anonymized Mode so that the user who is currently logged in to Dimension can see the user names, IP addresses, host names, and mobile device names that appear in Dashboard pages and reports, a user with Anonymization Officer credentials can log in to Dimension during the current user session. When the Anonymization Officer logs in, the placeholder text is replaced with the real data that was anonymized.
To temporarily disable Anonymized Mode:
- In the Dimension top navigation bar, click .
The Disable Anonymized Mode dialog box opens. Tip!
- In the User Name and Passphrase text boxes, type the credentials for a user account with Anonymization Officer credentials.
- Click OK.
Anonymized data in Dimension is temporarily available and is removed from the top navigation bar.
When the user logs out and logs in again, Anonymized Mode is enabled again for that user and appears again in the top navigation bar.