Roles can be mapped from a variety of structures that depend on the external authority: LDAP authentication maps roles dynamically from groups, and CAS authentication extracts roles from an external data source or specifies them statically in the configuration file. Because each external authority may have its own mechanism, this guide refers to those structures collectively as role definitions.
In practice, you will find that only a subset of the role definitions in your external authority are applicable to JasperReports Server. Of those, some may be used by other applications as well, and others may be created specifically for managing users in JasperReports Server. You should identify the maintenance procedures on your enterprise-wide user authority that impact JasperReports Server and document the additional procedures for keeping JasperReports Server in sync.
The following table describes the impact on JasperReports Server when modifying role definitions in the external authority:
Action in External | Impact on JasperReports Server | ||||||
Creating a new role | Role definitions are not directly mapped to JasperReports Server; only roles that are assigned to users who log in are mapped. When you create a new role and assign it to a user who accesses JasperReports Server, determine which case applies:
| ||||||
Modifying role membership | Changes in role membership are reflected the next time the role members start a new session in JasperReports Server, as described in Synchronization of External Users. Roles that were previously unknown to the server are treated as new roles as described above, and roles that are no longer assigned to any user are deleted as described below. | ||||||
Deleting a role | External users no longer have the role, and it is removed from each external user during synchronization the next time they log in. The role remains in the internal database, and permissions that reference the role remain in the repository. The role may still be assigned to external users who have not logged in since the role was removed.
|
Modifying Role Mappings
Once you have set up external authentication with your JasperReports Server instance, you add new role mappings by editing the applicationContext-externalAuth-*.xml file. You need to restart the server for the changes to take effect.
Care should be taken when modifying or removing role mappings. When a role mapping is removed or changed, synchronization no longer updates the target role in JasperReports Server. This means that users who had the external role prior to the change still have the previous target role in JasperReports Server.
Recommended Comments
There are no comments to display.