Securing Data in a Domain

You may need to restrict access to the data in a Domain accessed by multiple users. For example, you may allow managers to analyze data across their department but allow individual contributors to see only their own data. For this purpose, Domains support security files.

This section describes functionality that can be restricted by the software license for JasperReports Server. If you don’t see some of the options described in this section, your license may prohibit you from using them. To find out what you're licensed to use, or to upgrade your license, contact Jaspersoft.

This chapter describes tasks only administrators can perform.

When Domain security is properly configured, a user sees only the data they're meant to see. You define Domain security by writing data access filtering rules in XML and uploading them as a new security file in the Domain Designer. These rules are powerful and flexible, and can be based on multiple aspects like user roles or profile attributes.

The power of this solution is best presented as an example business case. This section describes a fictional company’s implementation of Domains in JasperReports Server—from both a business perspective and an implementation perspective.

In JasperReports Server 6.0, we added support for hierarchical attributes. The examples in this chapter still work, but they do not support the cascading functionality of hierarchical attributes. See Working with Hierarchical Attributes for information on implementing domain security with hierarchical attributes.

For details about the basics of Domains, refer to the JasperReports Server User Guide.

This chapter includes the following sections:

Business Case
Process Overview
Sales Domain
Roles, Users, and Attributes
Setting Up Logging and Testing
Creating a Domain Security File
Testing and Results
Working with Hierarchical Attributes
Domain and Security Recommendations
Domain Reference Material
Feedback
randomness