Securing Data in a Domain

This section describes functionality that can be restricted by the software license for JasperReports Server. If you don’t see some of the options described in this section, your license may prohibit you from using them. To find out what you're licensed to use, or to upgrade your license, contact Jaspersoft.

You may need to restrict access to the data in a Domain when it is accessed by different people. For example, you may allow managers to analyze data across their department but only allow individual contributors to see data related to themselves. For this purpose, Domains support security files.

When Domain security is properly configured, a user only sees the data that the organization wants them to see. To define this access, you write data access filtering rules (access grants) in XML and upload them as a new security file using the Domain designer. These rules are powerful and flexible, and can be based on a number of aspects, such as user roles or profile attributes.

The power of this solution is best presented as an example business case. This section describes a fictional company’s implementation of Domains in JasperReports Server—from both a business perspective and an implementation perspective.

For details about the basics of Domains, refer to the JasperReports Server User Guide.

This chapter describes a number of tasks that only administrative users can perform.

In addition, the examples in this chapter assume that you have a JasperReports Server version 3.7.1 or newer. If you are running version 3.7.0, update to the latest version before testing the filter expressions in this chapter.

This chapter includes the following sections:

Business Case
Overview of CZS’s Process
Sales Domain
Roles, Users, and Profile Attributes
Setting Up Logging and Testing
Creating a Domain Security File
Verifying Domain Security
Domain and Security Recommendations
Domain Reference Material

Business Case

CZS is an up-and-coming consumer electronics company with operations in the U.S. and Japan. CZS uses JasperReports Server to track sales data, such as sales revenue and operating cost.

The CZS Sales organization employs the following personnel:

Rita is the regional sales manager in the Western U.S. She uses the Sales Domain to create reports that track sales trends in her region.
Pete is a sales representative selling televisions in Northern California. He uses reports based on the same Domain to track his quarterly progress.
Yasmin is a sales representative selling cell phones in Northern California. She uses reports based on the same Domain to track her quarterly progress.
Alexi is the regional sales manager in Kansai, Japan. He uses reports based on the same Domain to track sales trends in his region.

CZS stores its data in a MySQL database. The data is exposed by the Sales Domain, which displays information about CZS’s consumer electronics sales across the world. It is filtered depending on each employee’s cities of operation and product. In addition, only managers can access cost information.

Overview of CZS’s Process

1. This chapter shows how to implement this business case using a Domain. The table below summarizes the steps CZS could take to create the Sales Domain and configure it to secure their data using user profile attributes and roles; the following sections describe these steps in more detail.


Described in…

1. Define a Domain. The CZS business case is met by a Sales Domain that includes the following fields from their JDBC data source: city, state, product department, sales amount, cost amount, and unit sales.

Sales Domain

2. Identify and create access roles. CZS needs two roles: one for managers, and another for sales representatives. Both are granted access to the Sales Domain.


3. Create users and assign appropriate roles to each one.


4. Identify and create profile attributes that determine each user’s access to data in the Domain. For this example, CZS needs two attributes: Cities and ProductDepartment.

Profile Attributes

5. Prepare to test the security implementation by enabling logging and creating an example report.

Setting Up Logging and Testing

6. Iteratively create, upload, and test an XML file that defines the access granted to users based on the attributes defined in step 4.

Creating a Domain Security File

7. Test the Domain as various users.

Verifying Domain Security

Sales Domain

The first step is to create a Domain that presents the relevant data. CZS is primarily interested in the volume and revenue of their sales, as well as their operational cost. These metrics are represented in the Sales Domain as fields: unit sales, store sales, and store cost. The Domain also includes fields to establish context for the sales data, such as product department, city, and state. The following figures show the configuration of this Domain in the designer.

Tables Tab in the

Domain Designer

Joins Tab in the Domain Designer

Display Tab in the Domain Designer

The XML representation of this Domain design is shown in Domain Design in XML Format.