Hello everyone!
This release contains a great new feature to enhance security in your applications: Personal Access Tokens (PATs). PATs are a secure way for users to allow external parties to connect with your application.
We are also introducing environment interaction logs in IAM. These logs help detect issues such as malfunctioning external services, disks and printers, application landscape connectivity problems, and provider misconfiguration.
Additionally, security checks have been added to IAM. These checks can be used to ensure that users are not authorized to access more data than intended. They can be configured for a user and focus on specific domains within an application.
We also introduced custom reports. You can configure custom reports in IAM by overriding the default report file for an application or, in the Software Factory, by using a report file stored in the file system.
Lastly, we implemented many changes and features to improve developers' workflows. Some of these quality-of-life improvements are also listed in this blog.
This post highlights the key features of the release. For detailed release notes, visit the Thinkwise Documentation.
Contents
Highlights of this release
Personal access tokens
new
Universal GUI
Security is a key aspect of any system, which is no different for the Thinkwise Platform. To further enhance security, we are introducing Personal Access Tokens (PATs) as another type of authentication.
Personal Access Tokens are a secure way for users to allow external parties to connect with their application. Users can create their own tokens and assign them a limited set of application permissions. If a PAT is leaked, the token can be revoked by the user or an IAM administrator without the need to change the user's password.
Or, from a technical point of view: PATs are a way for external parties to log in to the Indicium API with a token instead of basic authentication. This token can be scoped to only access the necessary resources within the rights of the user. User credentials are not shared.
Users can create PATs in the application in their profile menu. They need to select an application, add a name, and select the permissions they want to assign to the token. The expiration date can be set from one day to one year.
With a PAT, users can achieve features in an application without waiting for others to implement them.
Examples in applications:
-
Set up webhooks (for example, with a service like If This Then That (IFTTT)) that perform actions on the user's behalf or poll the user's data in a Thinkwise application, such as:
- Synchronizing appointments between a Thinkwise application and their personal Google or Apple calendar
- Synchronizing data between a Thinkwise application and another application, such as a Finance or CRM application, on behalf of the user
- Setting up an automated process to receive an email or text message when the status of a task, order, invoice, transaction, project, or ticket changes
- Starting a long-running process flow at night, such as importing data or generating invoices on behalf of the user
- Setting up an AI Assistant to answer questions about the data in a Thinkwise application
Examples in Indicium administration:
- Integrating Indicium health checks into load balancer decision making
- Verifying Indicium and database health after running a CI/CD pipeline
You can follow this flow diagram to decide if using PATs is the best solution or whether another way of authentication would be better (click to enlarge):
Monitor your environment in IAM
new
3-tier
main administrator
application administrator
You now have access to environment interaction logs in your production environments. The primary goal of these logs is to detect malfunctioning external services, disks and printers, application landscape connectivity problems, and provider misconfiguration.
The logs are created when the Indicium service tier interacts with the application environment. The interaction done by the 2-tier Windows GUI will not generate any logs.
Available log sources:
The following log sources are available for each application (menu Authorization > Applications > Environment monitoring):
- Application-related logging
- Application database logs - These do not log all actions to access the database but can be used to detect application database connectivity problems
- Provider-related logging
- Web connection logs
- Email provider logs
- File storage provider logs
- OAuth server logs
- Generative AI provider logs
- Printer logs
- Process action-related logging
- HTTP connector logs
- SMTP connector logs
- Disk file logs (non-file storage)
- FTP connector logs (non-file storage)
- Application connector logs
- Database connector logs (not yet available)
Log analyses are also available, globally and per application. These analyses are based on the last 30 days, as this is the minimum log retention time.
Security checks in IAM
new
main administrator
The data that is accessible to an end user depends on the configuration of various actors and settings in IAM, the Software Factory, and the end application data. To ensure that users are not authorized to access more data than intended, IAM now offers security checks to assert the correct configuration. These assertions are called Security checks.
A security check is configured for a user and revolves around specific domains in an application. The checks are verified by simulating the user with the application data and the current configured rights.
Examples of security checks:
- The user b.hanssen may never see columns with the value
j.vandyk@competitor.com
using the domainemail
in application 395 - myproduct. - The user s.harris may only see records with values
5
,6
, and7
for columns using the domaincustomer_id
in application 395 - myproduct. - The user s.harris may not see records with values
concept
ornull
for columns using the domaininvoice_status
in application 395 - myproduct.
You can schedule security checks to be executed a number of times per day but you can also run them manually.
Custom reports
new
Reports can now be customized in two ways:
- Override the default report file for an application - The default file for a report is configured in the Software Factory. You can now override this default file for an application in IAM. You can upload a different file or change the file path for the selected application. You can use this, for example, to use a different logo in the report for a specific application. Previously, you had to switch the logo within the report.
- Use a report file stored in the file storage - Previously, it was not possible to show a different report based on the data when a report was stored in the file storage. For example, if you wanted to show different reports for large orders and for small orders. To solve this, we have added a new report property (Report file) to the Software Factory. You can use it for storing report files in your storage location and supplying them in a report parameter with the required data using a default procedure.
Some quality-of-life improvements
- Performance - We improved the performance of the platform in several areas, for example:
- Synchronization to IAM - The effective rights are now calculated more efficiently.
-
The
tsf_optimize
procedure -This procedure can speed up SQL Server performance when many indexes are fragmented and statistics are outdated. Now, you can run it in a system flow.
- Merging - We have made several improvements to the merging process:
- It is now easier to view errors, if any, in the latest merge session, which is especially useful for scheduled merge sessions.
- When merging branches, it is crucial to ensure the merge session data is up-to-date. We have added the task Check merge session to see if the merge session is still up-to-date for the branches involved.
- Usually, you want to merge everything from a branch to the main model, solve conflicts, and then execute the merge. However, sometimes, you want to exclude certain actions from the merge execution. You can now exclude delta actions from a merge session with the new task Exclude merge action.
- Unit tests - We have made several improvements to the unit tests:
- The unit test screens have received a mostly visual but partly functional update.
- Unit tests now support table-valued functions.
- We have improved the screen Mock data by adding additional information about the data.
- Code search - We have made several improvements to the code search:
- Code search results are now displayed in a hierarchical tree format.
- We have introduced a new task, Hide search result. It allows you to hide specific items from the code search results that are of no interest to you.
- Groups - You can now add object groups through dedicated tabs displayed next to the object itself in several locations. Previously, you had to open the lookup pop-up and add the group there.
- Storage - We have added several new settings to manage the retention of historical data:
- System versioning - to specify a retention period for historical data.
- Session log retention - to specify a retention period for user session logs.
- Archived branch retention - to specify a retention period for archived branches and their history data.
Questions or suggestions?
Questions or suggestions about the release notes? Let us know in the Thinkwise Community!