RLS at Report Scope

The record-level security (RLS) can also be of report scope, that is, you can create different record-level security policies for different reports. When a report is applied RLS of both the report and data source scopes, the report-scope RLS will override that of the data source scope. Column-level security (CLS) is not supported at report scope.

RLS at report scope cannot be applied to reports that use business view as the data source, that is it is only supported on a query based page report.

To set up a record-level security policy for a query based page report:

Open the page report.

In the Report Inspector, select the node that represents the dataset the page report uses in the Datasets node.

In the Security section of the Properties sheet, click in the value cell of the Record Security property, then click

Set Record Security Property

The Record Level Security Information dialog appears.

Record Level Security Information dialog

Click the Add button to add a condition line and edit the security information by clicking corresponding cells.

If you want to use more values in one cell, use "|" to separate them (applies to the User, E-mail, and Title cells). This is useful when you want to apply the same conditions to multiple users. For example, if you want user1, user2, and user3 to share the same security setting, input user1|user2|user3 in the User cell, and then define the security condition.

Add more condition lines as required. If you want to apply more than one condition expression to a user, you can edit the condition expressions in several individual lines, typing in the same user name for each line. For such compound conditions, the relationship among them is logical OR.

You can also create a text file, add the security settings, and then click Import Text to import the security information from the text file into the Record Level Security Information dialog. After importing, you can click the cells to further edit the security settings if required. Note that when you create the text file to include the security information, you should use TAB to separate each item, and always keep the headings (User, Role, Column, and so on) on the first line of the text file. For example,

User	Role	Column	Operator	Value	E-mail	Title
admin	admin
user1		Customer ID	>=	10	user1@yoursite.com	Mr.
user1		Customer Name	=	'Absolute Java'
user2		Customer Name	IN	('Absolute Java','American Coffee Inc.')	user2@yoursite.com	Miss
user3		Phone	IN	('(212) 555-3462','(317) 555-1274')	user3@yoursite.com	Mrs.

Click OK to finish defining the security information and close the dialog.

If necessary, you can also use a formula to specify the security condition and set it as value of the Function property on the dataset of the report to control the RLS conditions on the report.

For example, if user1 should only see records which satisfy the condition State = 'CO' and Customer ID >= 10, you can create a formula as follows:

if ( @State == 'CO' && @"Customer ID">= 10 ) return "user1"

Then from the value list of the Function property, select the formula.

When the Record Security and Function properties have been set to control the record-level security on a report, both will take effect, and the relationship between them is logical OR.

After the report is published to JReport Server, when different users log onto the server and run it, they will only see the data they are supposed to see.

Note: In the Record Level Security Information dialog, the date values provided in the drop-down list may not be valid for your database, because they are date values that have already been reformatted using your date format settings in JReport. For detailed information on how to set the date format in JReport Designer, see the Date Format explanation of the document Get JDBC Connection Information dialog.