Managing Permissions

Permissions, associated with resources (including folders) located in the public folders in the server resource tree, are the rules that are granted to users to control their access to resources.

Permissions in JReport Server include:

Permission	Description
Visible	Allows or denies viewing object names in the resource tree or version table, such as folders, resources, and archive versions.
Read	Allows or denies viewing object properties, versions, and, if it is a folder, folder contents.
Write	Allows or denies publishing folders and resources, changing the properties (not including permission settings) of the objects in the resource tree or version table, such as folders, resources, and archive versions, and modifying version table settings.
Execute	Allows or denies: Basic View of Page Report Studio when running page reports and page report results in Page Report Studio. View Mode of Web Report Studio when running web reports in Web Report Studio. View mode of JDashboard when running dashboards. Opening analysis templates. Running reports in Advanced mode. Running reports, dashboards or analysis templates via URL is also under the permission control.
Edit	Allows or denies: Interactive View of Page Report Studio when running page reports and page report results in Page Report Studio. Edit Mode of Web Report Studio when running web reports in Web Report Studio. Edit mode of JDashboard when running dashboards. Execute permission is also required. Running reports or dashboards via URL is also under the permission control.
Schedule	Allows or denies submitting resources to schedules (for report type resources only).
Delete	Allows or denies deleting objects from the resource tree or version table, such as folders, resources, and archive versions.
Grant	Allows or denies granting permissions to other users, groups or roles. Only members in the administrator role can assign the Grant permission to other users or groups or roles. Users, groups or roles that have obtained the Grant permission are also endowed with the other permissions, and users can then grant these permissions except the Grant permission itself to other users in the same group.
Update Status	Allows or denies updating report status, and if it is a folder, the status of reports in the folder.

Permission

Description

Visible

Allows or denies viewing object names in the resource tree or version table, such as folders, resources, and archive versions.

Read

Allows or denies viewing object properties, versions, and, if it is a folder, folder contents.

Write

Allows or denies publishing folders and resources, changing the properties (not including permission settings) of the objects in the resource tree or version table, such as folders, resources, and archive versions, and modifying version table settings.

Execute

Allows or denies:

Basic View of Page Report Studio when running page reports and page report results in Page Report Studio.
View Mode of Web Report Studio when running web reports in Web Report Studio.
View mode of JDashboard when running dashboards.
Opening analysis templates.
Running reports in Advanced mode.

Running reports, dashboards or analysis templates via URL is also under the permission control.

Edit

Allows or denies:

Interactive View of Page Report Studio when running page reports and page report results in Page Report Studio.
Edit Mode of Web Report Studio when running web reports in Web Report Studio.
Edit mode of JDashboard when running dashboards. Execute permission is also required.

Running reports or dashboards via URL is also under the permission control.

Schedule

Allows or denies submitting resources to schedules (for report type resources only).

Delete

Allows or denies deleting objects from the resource tree or version table, such as folders, resources, and archive versions.

Grant

Allows or denies granting permissions to other users, groups or roles. Only members in the administrator role can assign the Grant permission to other users or groups or roles. Users, groups or roles that have obtained the Grant permission are also endowed with the other permissions, and users can then grant these permissions except the Grant permission itself to other users in the same group.

Update Status

Allows or denies updating report status, and if it is a folder, the status of reports in the folder.

JReport Server supports two ways to apply permissions to the set of users. One is the default system of setting permissions for users, groups and roles. The other is role based definition, in which permissions are defined on roles only, and users and groups are mapped to roles. When JReport Server is performing runtime security checking for a given user, it will respect the permissions settings and follow the access control rules when processing the service requests.

Below is a sample UI for your reference:

The following lists the permission management tasks:

Setting, viewing, changing resource permissions
To set up or change permissions for a role, user or group, in the setting permission UI, first check Enable Setting Permissions, then select the role/user/group in the Selected box and check or uncheck the required permissions. If the role/user/group is not listed in the Selected box, select the corresponding radio button below the Available box, add the role/user/group to the Selected box and then assign the permissions accordingly.

Removing resource permissions
To remove resource permissions for all users, groups and roles, uncheck the Enable Setting Permissions option in the setting permission UI.

Searching for roles/groups/users in the Available/Selected table

Click the Search button above the table to display the quick search toolbar.
Click on the toolbar to specify the search options.
- Highlight All
  Specifies whether to highlight all matched text.
- Match Case
  Specifies whether to search for text that meets the case of the typed text.
- Match Whole Word
  Specifies whether to search for text that looks the same as the typed text.
The quick search toolbar treats the principal names as strings and searches by consecutive text. Type in the text of the principal names you want to search for and the principals containing the matched text will be listed.
To cancel the search operation, click on the quick search toolbar.

After you have set permissions for a parent folder, any new resources and sub folders created in that folder will inherit the same permissions. If you do not want them to inherit these permissions, you can enable their user permissions and set their permissions separately. Resources and folders will inherit permissions from their parent folder if their user permissions are not enabled.

Notes:

To complete a task, you may require more than one permission. For example, to view the properties of a report, you must have both the Visible and Read permissions.
Some permissions depend on other permissions in order to work, such as Write, Execute, Edit and Schedule. Allowing anyone of these will also allow the Read permission.