Find below a step by step guide to setting up Domain Security (Row Based) :
Create a role on which to apply the security settings from Jaspersoft Server
For each of the users which you want to apply the security settings to, create user accounts, add them to the above role.
For each of the Users add some attributes which will filter what they can and can't see when they access a given domain.
When you create the Domain use a Security File (attached and example) which uses the above information to apply to the domain.
The magic is really here ...
<resourceAccessGrant id="Jointree_1_row_access_customers"> <principalExpression> authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['AUC_USER'] } </principalExpression>Then apply the "Principal Expression" to the role that you created above.
<filterExpression> Locations_T.Region in (groovy('authentication.getPrincipal().getAttributes().find{ it.attrName == "Region"}.attrValue.split(",").collect {"''" + it + "''"}.join(",").replaceFirst("^''","").replaceFirst("''$","")')) </filterExpression> </resourceAccessGrant>Then change the table on which you need to apply the filter and the attribute you want it to be tied to.
Then to test that it works, login as a given user and make sure you can only see the data you were expecting.
.png.34490d592acc75596ec5001d9433ebb1.png)
.png.4ea8aac112fcd89d6409105f663c8864.png)
.png.3dffefd1972f25cc9959db7f0592a3f9.png)
If during the adhoc explore process you get errors, this is down to the attribute definition in the user definition having errors.
The example I have given is for multiple comma separated regions.
.png.1abd24c18ed441a47ba1a9722de31b41.png)
.png.b4fe295e4dd765c9f25d17867e1ada76.png)
.png.317084755da75cb0b3fb08251021a97e.png)
Recommended Comments
There are no comments to display.