Previous Page Next Page
JReport Server administrators can create dynamic security policies for catalogs published to the server using security files, which contain catalog internal security definitions. With dynamic security, administrators can dynamically change the security policy applied to a catalog.
Developer users can also use API to manage dynamic security.
The security files that can be used to create dynamic security on JReport Server are in XML format. You can create the security files by yourself, however, the best way to generate a security file is using JReport Designer (for details, see Exporting Catalog Security into a Security File in the JReport Designer User's Guide).
A security file can contain security definitions of record-level security (RLS), column-level security (CLS) and business view security. For how to define RLS and CLS in an XML file, see the topic Importing/exporting security information from/to external XML files in the JReport Designer User's Guide. As for the format of business view security, you can refer to the sample file DynamicSecurity.xml, which is stored in <install_root>\help\samples\DynamicSecurity.
Suppose that a business view security policy is defined as follows:
| Principal | Element | Visible Permission | Access Permission | Allowed Set | Denied Set | Allow Unspecified Members |
|---|---|---|---|---|---|---|
| everyone | Customer.Country | Allow | Allow | China | Japan | True |
In the XML file, it will be written like below:
When the Allowed Set and Denied Set are defined using expressions, for example:
| Principal | Element | Visible Permission | Access Permission | Allowed Set | Denied Set | Allow Unspecified Members |
|---|---|---|---|---|---|---|
| everyone | Orders Detail.Order ID | Allow | Allow | "Order ID" > 3431 And "Order ID" < 3005 | "Order ID" between 3008 and 3011 | True |
In the XML file, the business view security policy will be like this:
To create a dynamic security policy, take the following steps:
One catalog can have several dynamic security policies. In this case, you can specify which one of them will be used as the default dynamic security of the catalog. To do this, click the false link in the Is Default column for the dynamic security.
If you want to remove a dynamic security policy, check it in the dynamic security table, then click the Delete link above the table. You can delete multiple dynamic security policies at a time.
The following are details about the options in the Security - Dynamic Security page:
| Option | Description | ||
|---|---|---|---|
| New Dynamic Security | Creates a dynamic security in the New Dynamic Security dialog. | ||
| Delete | Deletes the selected dynamic security. | ||
| Search | Searches for specific dynamic security.
|
||
| Dynamic security table | |||
| Checkbox | Specifies whether or not to select a dynamic security. Select the checkbox on the column header to select all the dynamic security. | ||
| Catalog | Displays the catalogs for which the dynamic security are created with the full resource path, for example, /SampleReports/SampleReports.cat. You can click the column header to sort the column. |
||
| Security File | Displays the names of the catalog security files for the dynamic security. You can click the column header to sort the column. | ||
| Is Default | Shows whether the dynamic security is set to the default. The value is editable. Click in the Is Default cell of a dynamic security and then select true or false from the drop-down list. For a catalog, only one dynamic security can be set to true and the latest setting takes effect. You can click the column header to sort the column. | ||
| Controls | Controls the dynamic security.
|
||
The security file based on which the dynamic security policy of a catalog is created can be modified. To do this, click the Upload link in the Controls column for the dynamic security, then in the Upload Dynamic Security dialog, select another security file to create the dynamic security for the catalog.
The dynamic security defined on server can be downloaded to a file. To do this, click the Download link in the Controls column for the dynamic security, in the displayed dialog, click OK to save it. You can then further modify the security definitions in the file. After editing, you can upload the file to a dynamic security policy to change the security definitions in the policy.
When a catalog is specified with a default dynamic security policy, when running reports, dashboards, or analysis templates which use the catalog, no matter interactive, on-demand, or scheduled, JReport will always try to load the dynamic security for the catalog before running and try to use the security defined in the security file on which the dynamic security is created to replace the catalog security.
If the security file mentions a business view element, but the element is not in the catalog, it will be ignored.
If there is no default dynamic security specified for a catalog, the security definitions created in the catalog at design time will be used.
in the text box to start the search. The x button in the text box is used to clear the input text.