Hello all, I'm currently trying to find the right structure for my reports in JasperReports: Picture this business structure - Parent Org - Child Org1 - Branch1 branchId=1 - Branch2 branchId=2 - Child Org2 .... For each of the nodes in this org tree, there are the same reports, but users that only have access to a branch can only see data of their branch, Child Org1 users can only see data of its branches and users of Parent Org can see everything. The structure is reasonable large. As an end result, I'd like to pass in a list of branchIds as a parameter to the reports to limit the visibility of data. I've thought about a couple of scenarios, neither of them is really satisfactory (well, please correct me if I'm wrong there): (1) Setup the structure as above as organizations in JS, each node has Value List defined with the accessible values. Problem: I'd have to duplicate the reports for each node, so each update of a report would be have to be done in each node - maintenance nightmare. Or is there another way of achieving this? (2) Just one Organization and set up a role for each branchId, named following a convention (e.g. BRANCH_x), and passing it somehow into the report. Problem: Sounds a bit dodgy, doesn't it? I've never been a big fan of naming conventions like this. (3) One Organization, utilize profile attributes similar to the 'Securing a domain' example. Problem: There's no UI for maintaining a user's (or role's) profile attributes. I'd have to develop this which might be a considerable cost. (4) Using an external authentication and pass the required additional to JS. Neither of the solutions seems straightforward or easy to implement, so maybe I'm missing something here. Has anybody implemented a similar scenario or any ideas? Cheers Thomas