Jump to content
We've recently updated our Privacy Statement, available here ×

  • How do I grant administrative privileges for viewing the schedules of all JasperReports Server users?

    Henna Katy

    By Henna Katy

    • Edited on:
      • Features: JasperReports Server, Reports Version: v9.0.0 Product: JasperReports® Server
     Share

    Note: User types with different permission levels are mentioned throughout this article. For ease of understanding, the following terms are used:

    • superuser  - A system administrator who has access to the entire repository, including the contents of every organization.
    • jasperadmin - An administrative user who has access to everything within their organization.
    • joeuser - A typical user who has access only to the resources that they created.
    • schadmin - A system administrator (superuser) or administrative user (jasperadmin) who has access to view the schedules of all users. 

    This article provides an overview of how to provide administrative permissions to access Schedules and Reports of all users on the JasperReports Server application.

    The following roles can be created for granting administrative privileges to view the schedules of all JasperReports Server users:

    • ROLE_SCHEDULER_ADMIN: This role is created at the root level. With this role:
      • Superusers and jasperadmins have read, update, and delete access to the schedules created by any joeuser. 
      • Superusers and jasperadmins can provide permission for a specific user to view the schedules of another user (regardless of whether a schedule was created by a superuser, jasperadmin, or joeuser). Superusers and jasperadmins have complete access to the folders of joeusers.
    • ROLE_READ_ONLY: This role is created at the organization level. With this role:
      • Superusers and jasperadmins have read-only access to reports and dashboards for which any joeuser has created schedules.
      • Superusers and jasperadmins can only view scheduled reports created by joeusers, but do not have permission to modify or delete these reports. 
      • Joeusers can read, update, and delete their own repository resources or reports.

    You can view a list of schedules by using the main menu. To view schedules, navigate to View > Schedules and Alerts, then click the Schedules tab. Joeusers can see only the schedules that they have created in the Schedules tab. Schadmins can see the schedules created by all users in the Schedules tab.

    To view the schedules of joeusers, add a new role in the applicationContext-report-scheduling.xml file. For more information, see the following sections.

    • Steps to create a schadmin role
    • Steps to provide read-only access to reports for a schadmin
       

    Steps to create a schadmin role

    To create a schadmin role, do the following:

    1. Add the schadmin role in the applicationContext-report-scheduling.xml file:
              a. Open the applicationContext-report-scheduling.xml  file from the following path:
                   apache-tomcat-x.x.xx/webapps/jasperserver-pro/WEB-INF
              b. Add the role ROLE_SCHEDULER_ADMIN for the property administratorRole in the bean reportJobVirtualAclService: 

    <!-- Security -->
<bean id="reportJobVirtualAclService" class="com.jaspersoft.jasperserver.api.engine.scheduling.security.ReportJobVirtualAclServiceImpl">
    <property name="permissionGrantingStrategy" ref="reportJobVirtualPermissionGrantingStrategy"/>
    <property name="reportJobsInternalService" ref="reportJobsPersistenceHibernateService"/>
    <property name="sidRetrievalStrategy" ref="sidRetrievalStrategy"/>
    <property name="administratorRole" value="ROLE_SCHEDULER_ADMIN"/>
</bean>

             c. Save the file.

            d. Restart Tomcat service.

    2. Log in as a superuser. 

    3. In the main menu, select Manage>Roles. The Manage Roles page displays the roles defined for each organization and the properties for each role. 

    Fig1_ManageRolesPageatrootlevel.thumb.jpg.825f4cef7650bfb476fcc3c840a0aac5.jpg

    Figure 1: Manage Roles page at root-level   

    4. Creating a schadmin role at the organization level:

             a. Click to select the root level in the Organizations panel on the left.
             b. Click the Add Role… button in the toolbar. The Add Role dialog appears.
             c. Enter the role name ROLE_SCHEDULER_ADMIN. The role name is also the role ID and does not accept spaces or special characters. 
                 Note: This role name should match with the schadmin role added in the file applicationContext-report-scheduling.xml in Tomcat.
            d. Click the Add Role… button to create the role.             Fig2_AddingaRole.thumb.jpg.a5f79003c957747458a997c6fa47a2dd.jpg

    Figure 2: Adding a Role

    5. Creating a read-only role at the organization-level:

             a. Click to select the organization level in the Organizations panel on the left.
             b. Click the Add Role… button in the toolbar. The Add Role dialog appears.
             c. Enter the role name ROLE_READ_ONLY. The role name is also the role ID and does not accept spaces or special characters.

    Fig3_ManageRolesPageatOrganizationlevel.thumb.jpg.c7724c168cc9016e02a08f4e573ed395.jpg

    Figure 3: Manage Roles page at Organization-level

            d. Click the Add Role… button to create the role. The new role is included in the Roles panel. 
            e. If you want to assign users to the role, then click the Edit button at the bottom of the Properties panel for the new role.

    6. In the main menu, select Manage>Users. The Manage Users page displays the users in each organization and the properties of the selected user.
    7. Create a new user with the name “schadmin” on Organization. 
         Note: You can name the new user with any name.
    8. Assign the newly created role ROLE_SCHEDULER_ADMIN to schadmin.

    Fig4_EditingtheMembersofaRole.thumb.jpg.65ca1a41ce964d3eb974c2234ba73923.jpg

    Figure 4: Editing the members of a Role

    Scenarios for viewing schedules created by users having different roles

    Scenario 1: Schedules created by a joeuser are only available to that specific joeuser

    The following figure shows that the joeuser can view, edit, and delete their own scheduled jobs.

    Note: Joeuser has read-only access at the Reports folder level. This means that the joeuser does not have permission to save a scheduled report's output in the Reports folder. For joeuser to have this ability, a superuser needs to grant joeuser write access permission to the Reports folder. 

    To provide folder-level permission for joeuser:
    1. Log in as a superuser.
    2. In the main menu, select View>Repository. The Repository page displays the folders available for each organization. You can either use an existing folder or create a new folder to assign permissions.
    3. Right-click on the folder that you want to set permissions for, and select Permissions… from the context menu. The Permissions dialog opens showing the permissions in effect for that folder. The View by option is set to Role by default. Permissions that are inherited from an object's parent are indicated by asterisks (*). 
    4. Click User as the View by option to see a list of users and their associated permissions.
    5. Locate the joeuser in this list, then select Read + Write + Delete from the associated dropdown.

    Scenario1_Schedulesofjoeuser.thumb.jpg.7925f57e43175a7f38b5169bde760a0e.jpg

    Figure 5: Schedules of joeuser

    Scenario 2: Schedules of both joeusers and schadmins are visible to a schadmin

    The following figure shows the read-only access of a schadmin at the root level and organization level.

    Scenario2_Schedulesofjoeuserandschadmin.thumb.jpg.a87afa208ee1affd18c677a4ca24ed09.jpg

    Figure 6: Schedules of joeuser and schadmin

    Scenario 3: Schadmin can delete the schedules of both schadmin and joeuser

    The following figure shows the steps for deleting the schedules for a schadmin at root level and a joeuser at organization level.

    Scenario3_1_Deletingschedulesofbothschadminandjoeuser.thumb.jpg.fd8dda9c131f26008114bf82e325b427.jpg

    Scenario3_2_Deletingschedulesofbothschadminandjoeuser.thumb.jpg.3197fee606f98d62014b2541f7e181c2.jpg

    Scenario3_3_Deletingschedulesofbothschadminandjoeuser.thumb.jpg.04125159432535a6f7e4c1eafbafa089.jpg

    Figure 7: Deleting schedules of both schadmin and joeuser

    Steps to provide read-only access to reports for a schadmin

    To provide read-only access to reports for a schadmin, do the following:
    1. Log in as a superuser.
    2. In the main menu, select View>Repository. The Repository page displays the folders available for each organization.

    Fig8_RepositoryFolderStructure.thumb.jpg.3b4f0e05ff9aeee11cac0f05e5b946af.jpg

    Figure 8: Repository Folder Structure

    3. In the Folders panel, locate root >Organizations>Organization>Reports.
    4. Right-click on the Reports folder and select Permissions… from the context menu. The Permissions dialog opens showing the permissions in effect for the Reports folder. The View by option is set to Role by default. Permissions that are inherited from an object's parent are indicated by asterisks (*).       

    Fig9_SettingPermissionsonReports.thumb.jpg.f8429ab6419b225fdad7e93b1c06de8f.jpg

    Figure 9: Setting Permissions on Reports

    5. Click User as the View by option to see a list of users and their associated permissions.
    6. Assign the users with the following permissions: 
               a. joeuser = Read + Write + Delete
               b. schadmin  = Read Only

    Fig10_PermissionsDialogShowingPermissionsbyUser.thumb.jpg.dff7aac12883a957fbe392e046aa6f19.jpg

    Figure 10: Permissions dialog showing permissions by User 

    7. Click Role as the View by option to see a list of roles and their associated permissions.
    8. Assign with the following permissions:
              a. ROLE_USER = Read Only
              b. ROLE_READ_ONLY = Read Only
              c. ROLE_SCHEDULER_ADMIN  = Read Only

    Fig11_PermissionsDialogShowingPermissionsbyRole.thumb.jpg.2cf92c313d89243a9aa1c17c93c3e07b.jpg

    Figure 11: Permissions dialog showing permissions by Role

    9. Log in as a joeuser to verify that this specific joeuser has permission to delete reports specific to their organization.
              a. In the main menu, select View>Repository.
              b. In the Folders panel, locate Organization>Reports.
        The following figure shows that the Delete button is enabled for this joeuser.

    Fig12_DeletePermissionsareenabledforthisjoeuser.thumb.jpg.01e258b7f30a241996f577f1d784b960.jpg

    Figure 12: Delete Permissions are enabled for this joeuser

    10. Log in as a schadmin to verify that this specific schadmin has permission to delete the reports of joeusers.
                 a. In the main menu, select View>Repository.
                 b. In the Folders panel, locate Organization>Reports.
    The following figure shows that the Delete button is disabled for this Scheduler Admin.

    Fig13_DeletePermissionsaredisabledforthisschadmin.thumb.jpg.7dabb24dd289f71f11ee1a3b3710586e.jpg

    Figure 13: Delete Permissions are disabled for this schadmin

     Share
    Go to entries

    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    This is now closed for further comments

×
×
  • Create New...

© 2024 Cloud Software Group,
Inc. All rights reserved.

Products

Explore