Common (and Recommended) Approach to Securing Domain Data
In most cases you can secure Domain data via a Domain Security file. The data can be filtered based on logged in username, user roles and user attributes. It can also be filtered by columns, and by separate data rows. For detailed information on this please see the corresponding section in TIBCO JasperReports® Server Security Guide:
The Problem
One limitation of such approach is that Domain security file does not apply to data returned by a custom query which users put into Derived tables. One of the possible solutions to this limitation is listed below.
Alternative approach
This approach allows you filter Domain data based on logged in user name. The steps are:
In the Domain, create a calculate field with a groovy expression which will pull the name of current user from the session. Lets name it logged_in_username. The expression should look like this:
groovy('authentication.principal.username')
Here is how it might look:
Create another Calculated field and place it in the same section of the Join tree where you have the database field with user names. This Calc field will be of type Boolean, and you will compare the value of your database field to logged_in_username. Lets name it user_check, and set the value to:
my_table.username == constant_fields_level.logged_in_username
For example:
Go to the Pre-filters tab and create filter on the user_check field and return data only if it's true:
The reason why we need to create the second user_check field is because logged_in_username is created as a constant and is not an actual field, and therefor cannot be used in a filter. Once you create an Ad Hoc View based on this Domain, the filter will be applied to both Derived tables and the data returned by other Domain fields.
Recommended Comments
There are no comments to display.