Roles define sets of users who are granted similar permissions. Administrators create roles, assigned them to users, and set permissions in the repository (see Permissions). By default, JasperReports Server includes the following roles; some are needed for system operation, some are included as part of the sample data:
Default Roles in JasperReports Server Installations
Role
Description
ROLE_SUPERUSER
Commercial editions only. This role determines system admin privileges, as explained in section Delegated Administration. It is a system-level role, however the system admin may assign it to organization admins in single-organization deployments.
Never delete this role, it is required for proper administration of the server.
ROLE_ADMINISTRATOR
This role determines organization admin privileges, as explained in section Delegated Administration. JasperReports Server automatically assigns this role to the default jasperadmin user in every new organization. It is a special system-level role that is visible in every organization and which organization admins may assign to other users.
Never delete this role, it is required for proper administration of the server.
ROLE_USER
Every user that logs into JasperReports Server must have this role. The server automatically assigns this role to every user that is created, and it is required to log in. It is a special system-level role that is visible in every organization.
Never delete this role, it is required to create users and allow them to log in.
ROLE_ANONYMOUS
When anonymous access is enabled, JasperReports Server automatically assigns this role to any agent accessing the server without logging in. It is a special system-level role that is visible in every organization. This role is also assigned to the default anonymous user. By default, anonymous access is disabled and this role isn’t used. If you do not allow anonymous access, this role can be deleted.
JasperReports Server assigns this role to users that are created automatically when a portal such as Liferay requests authentication for a connection. If the specified user name does not exist in the server, it is created, assigned the password of the user in the portal, and assigned the ROLE_PORTLET and ROLE_USER roles. If you do not use a portal server, this role can be deleted.
This role grants access to the SuperMart demo Home page, reports, and if you implement Jaspersoft OLAP, OLAP views. This role is assigned to the demo user in the default organization. These objects are available only if you installed the sample data when you installed JasperReports Server. It is a special system-level role that is visible in every organization
When you no longer need the sample data, this role can be deleted.
ROLE_SUPERMART_MANAGER
This role is used to assign permissions relative to the sample data. It is a special system-level role that is visible in every organization. It demonstrates data security features available in Jaspersoft OLAP. See the Jaspersoft OLAP Ultimate Guide for more information.
When you no longer need the sample data, this role can be deleted.
ROLE_ETL_ADMIN
This role no longer governs any JasperReports Server permissions or functionality, unless your server is integrated with Talend Integration Suite Enterprise Edition (TIS EE). Otherwise, it does not appear in the server.
Except for the five special system-level roles visible in every organization, roles are defined within organizations. The same role ID can be defined in separate organizations, as long as it is unique within each organization. Admins can manage all roles in their organizations and any suborganization, but they can never see roles in a parent or sibling organization. JasperReports Server enforces this scheme to ensure that organizations are secure and only valid roles are assigned to users.
It is possible for an administrator to assign a role to a user in a suborganization, where the role is defined in a parent organization of the user. The admin of the user’s organization cannot see the role when managing the user, but the admin of the role’s organization can, and permissions associated with the role are properly enforced.
Viewing Role Properties
1. | Log in as a user with administrative privileges for the role’s organization. Community users log in as any user with administrative privileges. |
2. | Select Manage > Roles or, on the Admin Home page, click Roles. |
As shown in the figure “Manage Roles Page”, the Manage Roles page displays the roles in each organization and properties for each role.
Manage Roles Page |
The list of roles includes all roles in the chosen organization and its suborganizations. The list of roles also includes the five default system-level roles. The same role name may appear more than once, indicating that roles with the same name were created in different organizations. The second column (blank in this figure) gives the organization name of a particular role.
In this example, the system admin can see all roles in all organizations by selecting the root of the Organization hierarchy.
3. | To select a role, click its organization in the Organizations panel. (Commercial users only. Community users skip to step 4.) |
The Roles panel is displayed.
4. | Click the role in the Roles panel. |
To filter the list of roles, enter a search string in the Search field of the Roles panel. The search results show all of the roles in the selected organization and suborganizations whose name contains the search string. If necessary, scroll through the new list or refine your search.
5. | Select the role in the Roles panel. The role’s properties appear in the Properties panel. |
The Properties panel shows the role name, the organization where it is defined, and the list of users to whom the role has been assigned. The list of users shows only their user IDs, but hovering over an ID displays a tooltip with the full name and organization, as shown in the figure “Manage Roles Page”.
When you view the properties of the special system-level roles, you only see the users with this role in your organization or any suborganization. An organization admin can never see users outside of his organization or its suborganizations. |
Creating a Role
1. | Log in as a user with administrative privileges for the organization in which the role will be used. |
2. | Select Manage > Roles or, on the Admin Home page, click Roles. |
3. | In the Organizations panels, select the organization to which the role will belong. (Commercial users only. Community users skip to step 4.) |
4. | Click Add Role. |
The Add Role dialog appears.
Adding a Role |
5. | Enter the name of the role. Roles have no other properties or settings. |
6. | Click Add Role to <organization> (Add Role for community edition users) to create the role. |
The new role appears in the Roles panel, unless you entered a search term that excludes it. If you want to assign users to the role, click Edit in the Properties panel of the new role, as shown in the following section.
Assigning Users to a Role
The management interface for roles lets you assign multiple users to one role. To assign multiple roles to a single user, edit the user’s properties with the procedure in Editing a User.
1. | Log in as a user with administrative privileges for the organization in which the role is defined. |
2. | Select Manage > Roles or, on the Admin Home page, click Roles. |
3. | In the Organizations panels, select the role’s organization. (Commercial users only. Community users skip to step 4.) |
The Roles panel is displayed.
4. | Select the role in the Roles panel. |
Unless you are logged in as the system admin, you cannot edit or delete the five special system-level roles. |
5. | In the Properties panel, click Edit. |
The role’s properties become editable. You can change the role name and the users assigned to it.
Editing the Members of a Role |
6. | Enter a different name to change the role name throughout the server. |
Permissions in the repository that use the role name are automatically updated. However, role names in security files for Domains and OLAP are not updated with the new role name and may cause a security risk. If you use security files for Domains or OLAP, do not change role names without verifying the files as well. For more information, see the JasperReports Server User Guide. |
7. | To assign or remove users from the role, select the users, and click the arrow buttons between the Users Available and Users Assigned lists. |
8. | Click Save to keep your changes, or Cancel to quit without saving. |
Deleting One or More Roles
1. | Log in as a user with administrative privileges for the organization in which the role is defined. |
2. | Select Manage > Roles or, on the Admin Home page, click Roles. |
3. | In the Organizations panels, select the role’s organization. (Commercial users only. Community users skip to step 4.) |
The Roles panel is displayed.
4. | Select the role in the Roles panel. Use Control-click and Shift-click to make multiple selections. |
Unless you are logged in as the system admin, you cannot edit or delete the five special system-level roles. |
5. | In the tool bar of the Roles panel, click Delete and confirm the action. |
Recommended Comments
There are no comments to display.