Securing Data in a Domain

You may need to restrict access to the data in a Domain accessed by multiple users. For example, you may allow managers to analyze data across their department but allow individual contributors to see only their own data. For this purpose, Domains support security files.

This section describes functionality that can be restricted by the software license for JasperReports Server. If you don’t see some of the options described in this section, your license may prohibit you from using them. To find out what you're licensed to use, or to upgrade your license, contact Jaspersoft.

This chapter describes tasks only administrators can perform.

When Domain security is properly configured, a user sees only the data they're meant to see. You define Domain security by writing data access filtering rules in XML and uploading them as a new security file in the Domain Designer. These rules are powerful and flexible, and can be based on multiple aspects like user roles or attributes.

The power of this solution is best presented as an example business case. This section describes a fictional company’s implementation of Domains in JasperReports Server—from both a business perspective and an implementation perspective.

As of reslease 6.0, JasperReports Server supports hierarchical attributes (user, organization, and server levels). The examples in this chapter still work, but they do not demonstrate the cascading functionality of hierarchical attributes. See Using Server Attributes in Design Files for information on implementing hierarchical attributes.

For details about the basics of Domains, see Understanding Domains, Working with the Domain Designer, Working with Domain Files, and XML Design File Reference. For information about how recent changes to application configuration may effect Domain security, see the TIBCO JasperReports Server Security Guide.

This chapter includes the following sections:

Business Case
Process Overview
Sales Domain
Roles, Users, and Attributes
Setting Up Logging and Testing
Creating a Domain Security File
Testing and Results
Domain and Security Recommendations