Dashboard: use row based security

[gundinge]

Dear all,

I have following scenario: (jasperserver 4.7, ireport 4.7)

 

I have created 3 line chart (3 jrxml) with same parameters TIME and COUNTRY.

Further, user profile attribute "ROLE_R03018" is involved.

I have 2 users which have access to that three reports.

User 1: user profile attribute COUNTRY => "AT, DE, SK, IN,..." (in sum: 100 country codes)

User 2: user profile attribute COUNTRY => "AT, DE" (only two!)

 

If I call each report (=> each chart) with user 1, he will see all countries.

If i call each report (=> each chart) with user 2, he will see only two country.

=> row based security works!!

 

If user 1 creates the dashboard, all users, which have access to that dashboard will see all countries.

(independet of user profile attribute !!!)

 

If user 2 created the dashboard, all users will see only two countries.

In that case, the row based security does not work! why???

In database I found following records:

 

dashControlFrameParamName => "LoggedInUserAttribute_ROLE_R03018"

dashControlFrameParamValue =>"AT, DE, SK, IN,..." (in sum: 100 coutry codes)

dashControlFrameDefaultParamValue =>"AT, DE, SK, IN,..." (in sum: 100 coutry codes)

(in case of user 1 is created dashboard)

 

dashControlFrameParamName => "LoggedInUserAttribute_ROLE_R03018"

dashControlFrameParamValue =>"AT, DE"

dashControlFrameDefaultParamValue =>"AT, DE"

(in case of user 1 is created dashboard)

 

What can I do, that the row based security also work in case of calling reports in a dashbaord?thanks and best regard

[elizam]

There isn't enough information here to be sure what is going on.  Some things that might give more information:

Can you show us your domain security file?
Can you show us the file you used to create the profile attributes?
Can you tell us exactly where you found those records in the database? (what table, etc.)?
In your records example, you have the same LoggedInUserAttribute in both cases. You also say "in case user 1 created dashboard" for both cases.  So perhaps look at your example more closely.

Parameters and profile attributes work independently, so make sure you are not trying to use parameters instead of profile attributes for security. You need the pro version for Domains, which are what is used for row-based security.

[elizam]

comments didn't format well, see answer below.

[gundinge]

Dear Elizam,

sorry for late feedback, I was on a business trip.

 

there is no domain security file - for this I am using only a datasource (data base) connection direct to a table source.

For profile attributes I am using following statement:

 

INSERT INTO JIProfileAttribute

(id, attrName,attrValue,principalobjectclass,principalobjectid)

values(nextval('public.hibernate_sequence'),'ROLE_R03018','''AT'',''DE'',''SK''','com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser',45313);

 

 

I found the records in table "jidashboardframeproperty".

 

Depend on the user profile attribute of user (user 1 or user 2), which creates the dashboard, all other user will see respective countries of this user.

 

It is correct, I am using "parameters" which include profile attribute in the where clause (sql) of loggedin user. loggedin user should see only allowed countries.

 

Parameter Country is a multi-select query input control and sql statement looks like as follow:

select country_code, country_name from country where country_code IN ($P!{LoggedInUserAttribute_ROLE_R03018})

 

best regards

[gundinge]

Hi Elizam,

your answer is empty - do you need more information from my site?

greets

[elizam]

I realized my comment was not helpful. Let me make sure I understand your question.

 

It seems to me you have a set of parameters, and you don't care so much about using security to actually prevent people seeing things (for instance, if they type the URL in directly, that's ok). Instead, you want to use profile attributes to control what they see in the parameters menu. Is that right?