Applying RLS to a Parameter

When a parameter is bound to a DBField, you can apply a record-level security policy (RLS) of data source scope to the parameter. The security policy is specified on the DBField that is bound to the parameter. At runtime, end users will only see parameter values which the security identifier allows to view in the parameter value drop-down list.

The following example explains how to apply RLS to the value drop-down list of a parameter in detail.

Open the catalog file SampleReports.cat in <install_root>\Demo\Reports\SampleReports.

In the Catalog Manager, expand the data source where you want to create the parameter.

Right-click Security Entry in the Security node, click New Security Entry on the shortcut menu, then name the security policy CusCountry.

In the Security dialog, make sure Valid RLS is checked at the bottom left.

Click

and then select Add User to add the user John, which has the permission to view the Canada records in the Country column only.

Set Permission for John

Add another user David which has the permission to view records in the United Kingdom only.

In the same data source, right-click the Parameters node and click New Parameter on the shortcut menu.

In the New Parameter dialog, enter pCountry in the Name field, select Bind with Single Column from the Value Setting drop-down list, and bind the parameter with the Country column. In the Options box, select CusCountry as value of Record Level Security, and then set the Distinct option to true. Click OK.

New Parameter dialog

Create a query CustomersInfo on the table Customers. Select all the fields contained in the table.

Create a page report with a standard banded object in it based on the query, and have the fields Customer ID, Customer Name, Country and Phone displayed in the report.

In the Data panel, right-click the node that represents the query, and then select Edit Query from the shortcut menu.

In the Query Editor, click Menu > Query > Filter.

In the Search Condition dialog, add a condition for the query as follows (for details, see Filtering with the Filter Format):

Add a condition in the Search Condition dialog

Click OK to apply the changes to the query.

Click File > Options, in the General category of the Options dialog, set the User Name as John.

View the report, and the Enter Parameter Values dialog is displayed.

Click the parameter value drop-down list, and you can see that only Canada is displayed for the user name.

Enter Parameter Value dialog

Set the user name as David in the Options dialog and view the report again. You will find that only the value United Kingdom is displayed in the parameter value drop-down list this time.

Notes:

When applying an RLS policy to a parameter bound with a column, you must make sure the parameter bound column and the column used to set conditions in the RLS policy are in the same table. In addition, if the RLS policy also contains conditions defined on other columns, all the columns must be in the same table, and the RLS policy cannot contain parameters and formulas; otherwise, when you apply the RLS to the parameter, the RLS would not work properly.
When you have applied an RLS policy to a parameter and then you edit the SQL statement of the parameter via the Import SQL option in the New Parameter dialog, the parameter value drop-down list may be Null because the changed SQL statement may not match the permissions of the RLS.
When previewing a report that contains parameters applied with RLS in the Page Report Result or Web Report Result format in JReport Designer, you need to make sure your RLS policy contains the user Jinfonet. That is because the user Jinfonet is the default and only user of the preview server. Any other users in the RLS policy cannot be recognized by the preview server.