Jump to content

  • Setting up Row-level Security

    mgeise

    By mgeise

      • Version: v4.1, v4.1.3, v4.1.2, v4.1.1, v4.0, v4.0.2, v4.0.1, v3.7, v3.7.6, v3.7.5, v3.7.4, v3.7.3, v3.7.2, v3.7.1, v3.7.0, v3.7.0.1, v3.6, v3.6.2, v3.6.1, v3.6.0, v3.5, v3.5.3, v3.5.2, v3.5.1, v3.5.0 Product: JasperReports® Server
     Share

    This guide is based on a business case from Defining a Domain Security File.

    How-to insert a profile attribute (deprecated)

    UPDATE: This section is only relevant to JasperReports Server v4.7 and below. Starting with JasperReports Server v5.0+ the profile attributes can be added from the Manage User page (see online Documentation Section on editting user profile attributes) in the Server UI while logged in with an admin account (jasperamdin or superuser). There is no need to add these are the database level.

    A profile attribute is a name-value pair defined at the user or role level; in this example, it is set on the user and corresponds to value in the data returned by the Domain.

    Retrieve the User IDs in the Repository

    1. Launch your SQL client (depending on your database).
    2. Launch the following SQL queries to retrieve Jasper and Repsaj IDs:
    SELECT * FROM jiuserrole
 WHERE roleId = (SELECT id FROM jirole WHERE rolename = "ROLE_MYDOMAIN_STORE_MANAGER")
   AND userId = (SELECT id FROM jiuser WHERE username = "jasper");
SELECT * FROM jiuserrole
 WHERE roleId = (SELECT id FROM jirole WHERE rolename = "ROLE_MYDOMAIN_STORE_MANAGER")
   AND userId = (SELECT id FROM jiuser WHERE username = "repsaj");

    Jasper user ID is 42.

    Setting_up_row_level_security_1.JPG.5b86bdb0995ba62d76ed6f6809880011.JPG

    Repsaj user ID is 43.

    Setting_up_row_level_security_2.JPG.63913f52bbc576f520de6c4959819a7e.JPG

    Inserting Attributes into Profile Attribute Table

    Launch the following SQL queries to insert Jasper and Repsaj profile attribute:

    INSERT INTO jiprofileattribute (attrName,attrValue,principalobjectclass,principalobjectid)
     VALUES ("Cities","Los Angeles",
             "com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser",42);
INSERT INTO jiprofileattribute (attrName,attrValue,principalobjectclass,principalobjectid)
     VALUES ("Cities","San Diego",
             "com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser",43);

    Note: after inserting attributes, go to JasperServer, Manage > Users. You can see the new profile attributes for Jasper and Repsaj.

    Setting_up_row_level_security_3.JPG.c1516df05dd247192abbca914a3d98b2.JPG

    Setting_up_row_level_security_4.JPG.c4ca59198d847d07673a573b77442dcf.JPG

    Creating a Security File

    Open your XML editor (eg: notepad++ or XMLBuddy) and create a new XML file.

    1. Add the following lines and save your document:

      <securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0"
                    itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
      <resourceAccessGrants>
        <resourceAccessGrant id="Jointree_1_row_access_grant_1">
          <principalExpression>
            <!CDATA[authentication.getPrincipal().getAttributes().any{ it.getAttrName() in ['Cities']]]>
          </principalExpression>
          <filterExpression>
            store.store_city
            in (groovy( 'authentication.getPrincipal().getAttributes().find{ it.attrName == "Cities" }
                                       .attrValue.split(",").collect {"<em>" + it + "</em>"}
                                       .join(",").replaceFirst("^<em>","").replaceFirst("</em>$","")' ))
          </filterExpression>
        </resourceAccessGrant>
      </resourceAccessGrants>
    </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

    Applying a Security File

    • As the Repository Administrator (eg: jasperadmin), log into JasperReports Server.
    • On the Home page, click View > Repository.

    • In the Repository manager, select the Domains folder, select your domain and click the Edit icon.

      Setting_up_row_level_security_5.JPG.1c593e1bfe22089a90bf16182cfc3efe.JPG
    • Click on RESOURCES section and click on Add Security.

    • In Local File tab, click on Browse to specify your security file path. Then do OK and Save.

      Setting_up_row_level_security_6.JPG.097579480fec8fa8bb7f08a243ee4958.JPG

    Test

    Let's create a basic report to test the row-level security rules.

    1. As the Repository Administrator, click on Create > Ad Hoc Report.

      Setting_up_row_level_security_7.JPG.ae1988441d795bfc2add0554f1aa1e0b.JPG

    2. In Domains tab, select your domain, and on the right select Table as the report type.

      Setting_up_row_level_security_8.JPG.4b6ef57a6d012d83dfa8b0ad355417dc.JPG

    3. In Choose Ad Hoc Data, drag employee and store items and drop them on your right in Selected Items frame. Then do Done.

      Setting_up_row_level_security_9.JPG.f574bc8a302fe1c43897c9fd448a5975.JPG

    4. Create your report as below then save it in the Repository.

      Setting_up_row_level_security_10.JPG.b5880df84bb2e91c5326720efbcb387f.JPG

    5. Run the new report as jasperadmin. You will notice the report displays stores' information from all location.

      Setting_up_row_level_security_11.JPG.e71404204059ef19960c67eafc62cea1.JPG

    6. Run the new report as Jasper user. The report only displays stores' information related to Los Angeles.

      Setting_up_row_level_security_12.JPG.ff1c2a8fa079936533d09f8bf500b181.JPG

    7. Run the new report as Repsaj user. The report only displays stores' information related to San Diego.

      Setting_up_row_level_security_13.JPG.6a7a6cbe6533fd0cc4a02c7aead61e92.JPG

    (Optional) Multiple values for Profile Attributes

    A profile attribute can contain multiple values, separated by commas. See the below example for Jasper user:

    INSERT INTO jiprofileattribute (attrName,attrValue,principalobjectclass,principalobjectid)
     VALUES ("Cities","Los Angeles,Alameda,Acapulco","com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser",42);

    (Optional) Modifying Profile Attributes

    Here is the SQL query to modify a profile attribute. This example is for Jasper user:

    UPDATE jiprofileattribute 
   SET attrValue = "Los Angeles,Alameda,Acapulco" 
 WHERE attrName = "Cities" AND principalobjectid = 42;

    Run the new report as Jasper user. Now the report displays stores' information related to Los Angeles, Alameda and Acapulco.

    Setting_up_row_level_security_14.JPG.df630cd428289a477752e4efe8b8fb4d.JPG

    Notes

    • A Profile Atribute value is not case-sensitive(eg: SAn FrAnCisco).

    More Examples

    See also...

     Share
    Go to entries

    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    This is now closed for further comments

×
×
  • Create New...

© 2024 Cloud Software Group,
Inc. All rights reserved.

Products

Explore