Attributes are name-value pairs that are associated with users and the server itself. Attribute values can be used to parameterize access to data sources OLAP data, and report output. Attributes were previously known as profile attributes.
Attributes have permissions, so that administrators can restrict the visibility and use of specific attributes.
|  | The permission feature of attributes is designed to work with multiple organizations in commercial editions of JasperReports Server. The feature is enabled in all editions of the server, but has limited use in the Community Project edition. |
Referencing Attributes
There are several features of JasperReports Server that can read attributes and use attribute values. The following features can limit or restrict access to data or take different behavior based on the user or server-level attributes. Each feature reads or references attributes in its own syntax that is described with that feature:
| • | OLAP schemas – Similar to Domains, access rules can be defined with attributes so that users may only see data they are allowed to access. See the Jaspersoft OLAP User Guide. |
Attributes are always referenced in relation to the currently-logged in user who is performing an operation or running a report:
| • | If the value of a user-level attribute is requested, it refers to the attributes of the logged-in user. |
| • | If the value of a server-level attribute is requested, the value depends on which server the user is logged into. For example, test and production servers may have a copy of the same repository, but different server-level attributes. For a given server, server-level attributes are shared and thus have the same value for all users. |
Attribute Hierarchy
An attribute is a named value that is defined on a user or root of the server. Any number of attributes with any name can be defined at either or both of these levels. The definition of each attribute at each level is independent of other attributes at other level. Attributes at different levels may have the same name, unless explicitly forbidden as described in Attribute Permissions.
In the places that you reference attributes (see above), there are two ways to determine the value of an attribute:
| • | Categorical value – References the value of a named attribute at a specific level, either user level or server level. If the attribute does not exist at the requested level, no value is returned. |
| • | Hierarchical value – References the value of a named attribute across all levels, starting at the user level. The server searches for an attribute with the given name in the following order, stopping and returning the first value that it finds: |
| • | At the user level, in the user attributes of the logged-in user. |
| • | If the attributes does not exist at any level, no value is returned. |
With hierarchical values, attributes with same name but different values may be defined at several levels and on many users. Each attribute is a distinct attribute definition, but the hierarchical value referencing takes into account the level and the presence of the definition for every given user.
To help administrators define attributes on users, the UI displays all attributes that are visible in the attribute hierarchy. If an attribute is defined at the server level, its hierarchical value is shown at the user level, and the attribute is called inherited. This allows the administrator to see all hierarchical values that are in effect in lower levels, either to override them in the hierarchy or leave them as inherited.
Categorical and hierarchical approaches usually involve different strategies for defining and naming attributes. When using categorical values, you must ensure that each and every user has the attribute defined, and you must handle the case when it is accidentally undefined, such as a new user. When using hierarchical values, you define attributes with the same name at different levels, such that each user may have a custom value, but then the server level provides a default value for all users. Each strategy is useful for different applications, depending on your needs to access and protect data. However, both strategies can co-exist and be used by at the same time by different resources, as long as the names of attributes used in each strategy or each resource are kept distinct.
Attribute Encryption
By default, an attribute and its value can be known to administrators throughout the server.
JasperReports Server provides two mechanisms to protect sensitive attributes:
| • | Attribute encryption – Prevents the attribute value from ever being seen. Does not prevent the attribute name from being seen or the value from being redefined at a lower level. When an attribute value is encrypted, the value stored internally is encrypted and never decrypted in the user interface. The server decrypts the attribute only when it is referenced by one of the features of the server. The decrypted value is then used for internal operations and never visible to the user. |
For example, an encrypted attribute could store the password for a database. Once typed in and saved, the UI displays *** as the value of the attribute. When a report uses that database, the server decrypts the password and sends it as part of the database protocol, so the user and the admin never see the password.
Encrypted attributes are similar to user passwords in the server. Administrators can change the encrypted value to a new value, but they can never view the current value.
| • | Attribute permissions – Prevents the attribute from being visible or redefined at a lower level. Attribute permissions are described in the next section. |
To properly secure an attribute, you should make it encrypted so it cannot be seen and then set permissions so it cannot be overridden.
Attribute Permissions
| | Attribute permissions were designed to work with multiple organizations in commercial editions of JasperReports Server. The feature has limited use in the Community Project edition. |
The attribute permissions and their effects are as follows:
| • | Administer – This is the default permission. |
Inthe Community Project edition, use this permission unless you want to disable an attribute with the no-access permission.
| • | Read Only – Inthe Community Project edition, this permission has no effect. |
| • | Execute Only – Inthe Community Project edition, this permission has no effect. |
| • | No Access – The attribute is disabled and its value cannot be referenced. When referenced, an attribute with no-access permission returns an error. |
Managing Server Attributes
If a given attribute name is not defined on a user, it can have a value at the server level to act as a default value. Server-level attributes may also be used as parameters in data source definitions. For example, the same data source may be imported to several servers, such as test and production servers, but a server-level attribute with the same name on each server makes the data source connect to a different database.
To view, create, modify, or delete server-level attributes:
| 1. | Log in as an administrator (jasperadmin). |
| 2. | Select Manage > Server Settings and choose Server Attributes from the left-hand panel. |
Each server level attribute is listed with its value, encrypted status, and permission. Holding the pointer over an attribute name shows the description associated with the attribute. When an attribute value is encrypted, its value is shown as *** symbols.
| Managing Attributes at the Server Level |
| |
| 3. | To create a new server-level attribute, click Add new attribute. Enter the attribute name and value, as well as an optional description. If desired, set the permission from the drop-down list and select the Encrypt check box. Click OK to close the dialog and then click Save to submit the new attribute. |
| Adding a Server Attribute |
| |
| 4. | To modify an attribute, click the edit icon |
You can also modify the attribute's permission and encryption by using the drop down and check box in its table row. After confirming any changes, click Save to make them take effect.
When modifying an attribute, be aware of the following:
| • | Changing the name of an attribute is equivalent to deleting the original attribute and adding a new attribute with the same value. Because this may impact features that reference the attribute, you are asked to confirm the name change. |
| • | Be aware that changing the encryption or permission of an attribute can impact the visibility of an attribute and the features that might rely on referencing its value. Again, you are asked to confirm the change. |
| • | Removing encryption does not decrypt an encrypted attribute. To safeguard encrypted values, removing the encryption on an attribute also erases its value. You should give the attribute a new value by clicking the edit icon. |
| 5. | To delete an attribute at the server level, click the delete icon |
Managing User Attributes
Attributes on users can provided additional information about a user and can restrict access to data OLAP schemas. Users may also have hierarchical attribute values inherited from server-level attributes. Attributes on users do not have permissions.
Users never see the attributes defined on their user profile; only administrators can view and set user attributes.
To view, create, modify, or delete user-level attributes:
Viewing Attributes on the Manage Users Page | 4. | To create, modify, or delete the attributes on a user, click Edit in the right-hand column, then select the Attributes tab. |
|
Editing User Attributes |
| 5. | You can filter attributes in the list to include only the inherited attributes or only the locally defined (not inherited) ones. |
| 6. | To create a new user attribute, click Add new attribute. Enter the attribute name and value, as well as an optional description. If the attribute value should not be visible to other administrators, select the Encrypt check box. Click OK to close the dialog and then click Save to submit the new attribute. |
|
| 1. | Log in as an administrator (jasperadmin). |
| 3. | Select the user in the Users panel. The properties panel includes a table of all attributes for the user, both locally defined and inherited from the server level. |
| Adding a User Attribute |
| 7. | To modify an attribute, click the edit icon |
You can also modify the attribute's encryption by using the and check box in its table row. After confirming any changes, click Save to make them take effect. When modifying a user attribute, be aware of the following: | • | Inherited attributes belong to the server level and are shown at the user level to display the hierarchical attribute values. Any modification to an inherited attribute actually creates a local attribute definition with the modified parameters. In the hierarchy of attributes, the new attribute takes precedence over the previously inherited attribute. |
| • | Changing the name of a locally defined attribute is equivalent to deleting the original attribute and adding a new attribute with the same value. Because this may impact features that reference attributes, you are asked to confirm the name change. |
| • | Removing encryption does not decrypt an encrypted attribute. To safeguard encrypted values, removing the encryption on an attribute also erases its value. Click the edit icon to give the attribute a new value. |
| 8. | To delete a user attribute, click the delete icon |
When deleting a user attribute, be aware of the following: | • | Upon deletion, some attributes remain in the list as inherited attributes. This indicates that the local definition of the attribute was deleted, but another attribute with the same name exists at the server level. |
| • | You cannot delete an inherited attribute because it belongs to the server level. To remove an inherited attribute, you must delete it or set its permission to No Access at the server level. |
Open topic with navigation |
Recommended Comments
There are no comments to display.