Use Case
The customer requires that only a specific custom role and ROLE_ADMINISTRATOR be allowed to create and save dashboards.
ROLE_USER users should not have permission to use this functionality.
Resolution
To restrict access to the Dashboard designer, specify the custom role in the applicationContext-security-pro-web.xml config file, in the filterInvocationInterceptorPROExtention security filter, under the /dashboard/designer.html pattern.
Spring Security requires that the role name start with the ROLE_ prefix.
The ROLE_USER role should be removed from the pattern.
Change
<security:intercept-url pattern="/dashboard/designer.html" access="ROLE_USER,ROLE_ADMINISTRATOR" />
to
<security:intercept-url pattern="/dashboard/designer.html" access="ROLE_DASHBOARD,ROLE_ADMINISTRATOR" />
If the custom role is defined at organization level, it should be specified as <ROLE_NAME>|<organization_id>:
<security:intercept-url pattern="/dashboard/designer.html" access="ROLE_DASHBOARD|organization_1,ROLE_ADMINISTRATOR" />
A server restart is required.
As a result, a user who has only the ROLE_USER role and tries to create a dashboard gets the message 'You do not have permission to view this page.'
A user with the ROLE_DASHBOARD role, however, can create and save dashboards.
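A check that can be run against the edited file before the restart, to confirm the designer pattern grants only the intended roles. This is an added example, not part of the original article or of JasperReports Server; the function names, the allowed-role list and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DESIGNER = "/dashboard/designer.html"

# Constructed sample: a minimal fragment in the shape shown above, not a full
# applicationContext-security-pro-web.xml.
SAMPLE = """<beans xmlns:security="http://www.springframework.org/schema/security">
  <security:intercept-url pattern="/dashboard/designer.html"
      access="ROLE_DASHBOARD|organization_1,ROLE_ADMINISTRATOR" />
</beans>"""


def parse_access(access):
    """Split an access attribute into (role, organization_id or None) pairs."""
    pairs = []
    for token in access.split(","):
        token = token.strip()
        if token:
            role, _, org = token.partition("|")
            pairs.append((role, org or None))
    return pairs


def audit_designer_access(xml_text, allowed=("ROLE_DASHBOARD", "ROLE_ADMINISTRATOR")):
    """Return a list of findings for the dashboard designer pattern (empty = OK)."""
    findings, seen = [], False
    for el in ET.fromstring(xml_text).iter():
        # Match on the local name so the namespace prefix does not matter.
        if el.tag.rsplit("}", 1)[-1] != "intercept-url" or el.get("pattern") != DESIGNER:
            continue
        seen = True
        for role, _org in parse_access(el.get("access", "")):
            if not role.startswith("ROLE_"):
                findings.append(f"{role}: missing ROLE_ prefix")
            elif role not in allowed:
                findings.append(f"{role}: not expected on {DESIGNER}")
    if not seen:
        findings.append(f"no intercept-url entry for {DESIGNER}")
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit_designer_access(text) or ["OK"]:
        print(finding)
```

Pass the path to the config file as the first argument; with no argument the script audits the embedded sample.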
Solution tested with TIBCO JasperReports® Server v.7.1.0
AS-20190318, case #01711125