Security Guide · Version 1.4.0 · October 2016
Copyright © 2015, 2016 Oracle and/or its affiliates. All rights reserved.
Studio enables users to create custom visualizations and transform scripts, which require them to do some coding. In these cases, special security measures have been implemented to prevent users from accessing sensitive data.
Custom transform scripts are Groovy scripts that users write and run in Studio's Transform component. For security purposes, Transform only supports a subset of the Groovy language, which excludes functions that could be used to compromise your data or your system. Scripts containing these functions will produce an error. For more information, see the Studio User's Guide.
The Custom Visualization Component (CVC) is an extension to Studio that lets you create customized visualizations in cases where the default Studio components don't meet your specific needs. Custom visualizations obtain the data they display by executing hard-coded EQL queries.
To prevent users from using them to access sensitive data, these queries are parsed and validated at runtime to ensure they're compliant with Studio's security restrictions. For more information on the CVC, see the Extensions Guide. More information on EQL is available in the EQL Reference.
Security Guide · Version 1.4.0 · October 2016
Copyright © 2015, 2016 Oracle and/or its affiliates. All rights reserved.