Jump to content

  • Defining a Domain Security File

    mgeise

    By mgeise

     Share

    After you create your new domain, we are going to secure some information depending on users' roles.

    Business Case

    Here are your company employees:

    User name / rolebossROLE_your_domain_name_HR_MANAGER
     jasperROLE_your_domain_name_STORE_MANAGER
     repsajROLE_your_domain_name_STORE_MANAGER

    Create the above users and roles.  Don't forget to assign roles to users.

    		[toc]
    Defining_domain_security_file_1.JPG.50cfaa98fa2566c94f2e48ff2b6f8b3a.JPG
    Defining_domain_security_file_2.JPG.0ff68cabb53b1d2252a7a31603d25b64.JPGDefining_domain_security_file_3.JPG.ba95f7a97cfba19c32b9d5c4cda738ca.JPGDefining_domain_security_file_4.JPG.8631ec7bffacff281497dd6622cfc91f.JPG

    Security Context

    A domain security file contains item and resource access grants that specify the access to grant based on certain aspects of a user, such as roles. There are 2 types of domain security: row-level security and column-level security. A domain security file can contain both types.

    Security Examples
    Row-level securityJasper and Repsaj are two store managers. Jasper is responsible of Los Angeles store and Repsaj is responsible of San Diego store. A row-level security displays users own rows, based on a profile attribute value. For this example, the profile attribute is the store city.
    Column-level securityBoss is a human ressources manager. Unlike store managers, Boss has access to personal datas of all employees. A column-level security grants access to some specific columns (eg: hire_date, salary) only for HR managers.

    Now let's create the domain security file for this business case.

    Create the Security File

    Here is the structure of a security file:

    <securitydefinition itemgroupdefaultaccess="granted"
                    version="1.0"
                    xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema">
    <resourceaccessgrants>
        <!-- Row-Level Security rules -->
    </resourceaccessgrants>
    <itemgroupaccessgrants>
        <!-- Column-Level Security rules -->
    </itemgroupaccessgrants>
</securitydefinition>
    • A security file is just a simple XML document. You can use any text/XML editor (eg: notepad++ or XMLBuddy).
    • It relies on the schema of your domain. Therefore, when creating the security file, it is useful to have your schema structure visible as a reference.

    Row level security

    • Row level security is defined in tags.
    • This type of rule is mapped to or tags of a domain schema.
    • Precisely, resourceId="JoinTree_1"> (security file) should match with id="JoinTree_1" ...> (domain schema). See Figure 5.

    Defining_domain_security_file_5.JPG.a2d53911395d488df007436aa5e38d5c.JPG

    How to set up a Row-Level security

    Column level security

    • Column level security is defined in tags.
    • This type of rule is mapped to tags of a domain schema.
    • Precisely, itemGroupId="employee" ...> (security file) should match with id="employee" ...> (domain schema).

    Defining_domain_security_file_6.JPG.046b47bffd1fafd3300902e6d1f0a991.JPG

    How to set up a Column-Level security

    More On Domains

     Share
    Go to entries

    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    This is now closed for further comments

×
×
  • Create New...

© 2024 Cloud Software Group,
Inc. All rights reserved.

Products

Explore