The security file defines permissions to control access to Domain data on the basis of user names and roles existing in the server. When creating or running a report based on a Domain, the user name and roles are checked against the permissions in the security file.
Permissions can be set separately on the data's columns and rows. In Domains, columns display the items in the Domain; rows display the values of each item. A user can see results only where they have both column- and row-level access. When a user is designing a report in the Ad Hoc Editor, they see only the columns to which they have access. When the report runs, portions to which the user has no access are blank.
User access for a Domain is defined in a single security file. The file is attached to the Domain as a resource, as described in The Options Tab. The security file references the ids of tables, columns, sets, and items in the Domain design file. When creating a security file, be sure to use the ids of items and groups as they are defined in the Domain design file exported from the Domain Designer. For more information, see Understanding Domain Design Files.
If you modify the Domain, you should also export the design file and update the security file with any IDs that have changed. Then attach the updated security file to the Domain using the Replace Security File option on the Options tab of the Domain Designer.
For the structure and syntax of the security file, see "Domain and Security Recommendations" in the JasperReports Server Security Guide.