warden54

I figured out what the problem was. The principal expression and filter expression have to be on the same line as the opening tag. So while this does not work: <principalExpression> authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['SANDMINE'] } </principalExpression> This works just fine: <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['SANDMINE'] }</principalExpression>

I'm trying to get the XML security file in place on a domain. I'm looking for role SANDMINE and want to match on the terminal When I login as a user with that role and a value under terminal, it does not appear any filtering is happening. I'm opening a basic Ad Hoc Report to test. <securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted"> <resourceAccessGrants> <!-- Add row-level security rules in this section. --> <resourceAccessGrantList id="account_resource_access_grant" label="aLabel" resourceId="Onsite_Inventory"> <resourceAccessGrants> <resourceAccessGrant id="account_ROLE_SANDMINE_row_grant"> <!-- <principalExpression>aPrincipalExpression</principalExpression> --> <principalExpression> authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['SANDMINE'] } </principalExpression> <filterExpression> terminal in (groovy('authentication.getPrincipal().getAttributes().find{ it.attrName == "terminal"}.attrValue')) </filterExpression> </resourceAccessGrant> </resourceAccessGrants> </resourceAccessGrantList> </resourceAccessGrants> <!-- _________________________________________ --> <itemGroupAccessGrants> </itemGroupAccessGrants> </securityDefinition> Any help or advice is greatly appreciated.