Roles define sets of users who are granted similar permissions. Administrators create roles, assigned them to users, and set permissions in the repository (see Permissions). By default, JasperReports Server includes the following roles; some are needed for system operation, some are included as part of the sample data:
Default Roles in JasperReports Server Installations
Role
Description
ROLE_SUPERUSER
Commercial editions only. This role determines system admin privileges, as explained in Delegated Administration. It's a system-level role, but in a single-organization deployment, the system admin can assign it to an organization admin.
Never delete this role, it's required for proper administration of the server.
ROLE_ADMINISTRATOR
This role determines organization admin privileges, as explained in Delegated Administration. This role is automatically assigned to the default jasperadmin user in every new organization. It's a special system-level role visible in every organization, and organization admins can assign to other users.
Never delete this role, it's required for proper administration of the server.
ROLE_USER
Required to log in. This role is automatically assigned to every JasperReports Server user. It's a special system-level role visible in every organization.
Never delete this role, it's required to create users and allow them to log in.
ROLE_ANONYMOUS
When anonymous access is enabled,this role is automatically assigned to any agent accessing the server without logging in. It's a special system-level role visible in every organization. This role is also assigned to the default anonymous user. By default, anonymous access is disabled and this role isn’t used. It's a system role that even the system admin can't delete.
JasperReports Server assigns this role to users that are created automatically when a portal such as Liferay requests authentication for a connection. If the specified user name does not exist in the server, it is created, assigned the password of the user in the portal, and assigned the ROLE_PORTLET and ROLE_USER roles. If you do not use a portal server, you can delete this role.
This role grants access to the SuperMart demo Home page, reports, and if you implement Jaspersoft OLAP, OLAP views. This role is assigned to the demo user in the default organization. These objects are available only if you installed the sample data when you installed JasperReports Server. It is a special system-level role that is visible in every organization
When you no longer need the sample data, this role can be deleted.
ROLE_SUPERMART_MANAGER
This role is used to assign permissions relative to the sample data. It is a special system-level role that is visible in every organization. It demonstrates data security features available in Jaspersoft OLAP. See the Jaspersoft OLAP Ultimate Guide for more information.
When you no longer need the sample data, this role can be deleted.
ROLE_ETL_ADMIN
This role no longer governs any JasperReports Server permissions or functionality, unless your server is integrated with Talend Integration Suite Enterprise Edition (TIS EE). Otherwise, it does not appear in the server.
Except for the five special system-level roles visible in every organization, roles are defined within organizations. A single role ID can be defined in multiple organizations, as long as it is unique within each organization. Admins can manage all roles in their organizations and any suborganization, but they can never see roles in a parent or sibling organization. JasperReports Server enforces this scheme to ensure that organizations are secure and only valid roles are assigned to users.
It is possible for an administrator to assign a role to a user in a suborganization, where the role is defined in a parent organization of the user. The admin of the user’s organization cannot see the role when managing the user, but the admin of the role’s organization can, and permissions associated with the role are properly enforced.
Viewing Role Properties
1. | Log in as a user with administrative privileges for the role’s organization. |
2. | Select Manage > Roles or, on the Admin Home page, click Roles. The Manage Roles page displays the roles in each organization and properties for each role. |
Manage Roles Page |
The Roles list includes all roles in the chosen organization and its suborganizations along with the five default system-level roles. The same role name may appear more than once if roles with the same name were created in different organizations. The second column (blank in this figure) gives the organization name of a particular role.
In this example, the system admin can see all roles in all organizations by selecting the root of the Organization hierarchy.
3. | To select a role, click its organization in the Organizations panel. (Commercial users only. Community users skip to step 4.) The Roles panel is displayed. |
4. | Click the role in the Roles panel. |
To filter the list of roles, enter a search string in the Search field of the Roles panel. The search results show all of the roles in the selected organization and suborganizations whose names contain the search string. If necessary, scroll through the new list or refine your search.
5. | Select the role in the Roles panel. The role’s properties appear in the Properties panel. |
The Properties panel shows the role name, the organization where it's defined, and the users assigned the role. Hover over a user ID to see a user's full name and organization, as shown in “Manage Roles Page”.
When you view the properties of a special system-level role, you only see the users with that role in your organization or any suborganization. An organization admin can never see users outside of his organization or its suborganizations. |
Creating a Role
1. | Log in as a user with administrative privileges for the organization in which the role will be used. |
2. | Select Manage > Roles or, on the Admin Home page, click Roles. |
3. | In the Organizations panel, select the organization to which the role will belong. (Commercial users only. Community users skip to step 4.) |
4. | Click Add Role. The Add Role dialog appears. |
Adding a Role |
5. | Enter the name of the role. |
6. | Click Add Role to <organization> (Add Role for community edition users) to create the role. |
The new role is included in the Roles panel. If you want to assign users to the role, click Edit in the Properties panel of the new role.
Assigning Users to a Role
You can assign multiple users to one role. To assign multiple roles to one user, edit the user’s properties as described in Editing a User.
1. | Log in as a user with administrative privileges for the organization in which the role is defined. |
2. | Select Manage > Roles or, on the Admin Home page, click Roles. |
3. | In the Organizations panel, select the role’s organization. (Commercial users only. Community users skip to step 4.) The Roles panel is displayed. |
4. | Select the role in the Roles panel. |
Unless you're logged in as the system admin, you can't edit or delete the five special system-level roles. |
5. | In the Properties panel, click Edit. The role’s properties become editable. . |
Editing the Members of a Role |
6. | Enter a different name to change the role name throughout the server. |
Permissions in the repository that use the role name are automatically updated. However, role names in security files for Domains and OLAP are not updated with the new role name and may cause a security risk. If you use security files for Domains or OLAP, do not change role names without verifying the files as well. For more information, see the JasperReports Server User Guide. |
7. | To assign or remove role users, select the users, and click the arrow buttons between the Users Available and Users Assigned lists. |
8. | Click Save to keep your changes, or Cancel to quit without saving. |
Deleting One or More Roles
1. | Log in as a user with administrative privileges for the organization in which the role is defined. |
2. | Select Manage > Roles or, on the Admin Home page, click Roles. |
3. | In the Organizations panels, select the role’s organization. (Commercial users only. Community users skip to step 4.) The Roles panel is displayed. |
4. | Select the role in the Roles panel. Use Control-click and Shift-click to make multiple selections. |
Unless you're logged in as the system admin, you can't edit or delete the five special system-level roles. |
5. | In the tool bar of the Roles panel, click Delete and confirm the action. |
Recommended Comments
There are no comments to display.