Looking to add a role with user only access to ad hoc reports

[michael.mccarthy]

Hi All,

I can see how to change the permissions folder by folder to read only however the users still have access to create ad hoc reports. I would like the users to have read only access to the ad hoc reports already created and have no access to create reports/ad hoc reports. I can't see how using the roles that are currently present how to do that and i can't assign levels of access when i create a new role.

 

Thanks

Michael

[ernestoo]

You'll probably have to do some tricks in applicationContext-security-web.xml and applicationContext-security-pro-web.xml - likely best to get professional services for this type of customizatoin

[elizam]

There are several ways to do this, depending on how much work you want to do & how much restriction you want to make.  See this answer:

http://community.jaspersoft.com/questions/824274/show-only-reports-and-deny-ad-hoc-creation-based-roles

[michael.mccarthy]

Thanks for your comment. The link doesn't work however. Its not valid when i click on it. Can you repost please?

[elizam]

The link is intact in the source & it works for me, so I'm not sure what's going on.

 

Here are some options:

 

1. Give the role Execute Only permission to all folders containing Ad Hoc Views, Topics, and Domains. To do this, log in as superuser, right click on the folder you want to restrict, and select Permissions.  You can choose the access for each user type. Execute Only will let users execute reports that are based on these resources, but they will not be able to view or edit any Ad Hoc Views, and without access to a Topic or Domain, they will not be able to create an Ad Hoc View of their own. (I believe the Data Source folder is restricted already, but if not, you should manage that as well) 
   
2.  f you are up for editing configuration files, you could also modify the permissions for the Ad Hoc, Topic, and Domain flows, as outlined in the Ultimate Guide: http://community.jaspersoft.com/documentation/jasperreports-server-ultimate-guide/v561/restricting-access-role
   

 

2.

[djohnson53]

Try the links now.

[michael.mccarthy]

hi

 

Thanks for your comment.

this doesn't work for me in my situation because: for the user to be able to login in they need to have one of two user roles - user or admin. if they have user role which is lowest ranking role then i need to modify this role as you have mentioned above i have no doubt this will work. that will however mean that all users using this then can't create ad hoc views. i also need to grant a set of users access to create ad hoc views and in that case i would need to give them admin access which i don't want to do - as they don't understand how to create domains etc...

 

i have also tried creating a new role and doing the above and assigning it to user with the user role also however the user role access takes precedent and does not restrict on the new role created.

 

IT seems like its only possible to have 2 sets of users. admins and other (which i can then define as either create ad hoc views or just executing views)

 

Is this correct?

 

thanks

Michael

[elizam]

commented on the other thread