Henna Katy

Note: User types with different permission levels are mentioned throughout this article. For ease of understanding, the following terms are used: superuser - A system administrator who has access to the entire repository, including the contents of every organization. jasperadmin - An administrative user who has access to everything within their organization. joeuser - A typical user who has access only to the resources that they created. schadmin - A system administrator (superuser) or administrative user (jasperadmin) who has access to view the schedules of all users. This article provides an overview of how to provide administrative permissions to access Schedules and Reports of all users on the JasperReports Server application. The following roles can be created for granting administrative privileges to view the schedules of all JasperReports Server users: ROLE_SCHEDULER_ADMIN: This role is created at the root level. With this role: Superusers and jasperadmins have read, update, and delete access to the schedules created by any joeuser. Superusers and jasperadmins can provide permission for a specific user to view the schedules of another user (regardless of whether a schedule was created by a superuser, jasperadmin, or joeuser). Superusers and jasperadmins have complete access to the folders of joeusers. ROLE_READ_ONLY: This role is created at the organization level. With this role: Superusers and jasperadmins have read-only access to reports and dashboards for which any joeuser has created schedules. Superusers and jasperadmins can only view scheduled reports created by joeusers, but do not have permission to modify or delete these reports. Joeusers can read, update, and delete their own repository resources or reports. You can view a list of schedules by using the main menu. To view schedules, navigate to View > Schedules and Alerts, then click the Schedules tab. Joeusers can see only the schedules that they have created in the Schedules tab. Schadmins can see the schedules created by all users in the Schedules tab. To view the schedules of joeusers, add a new role in the applicationContext-report-scheduling.xml file. For more information, see the following sections. Steps to create a schadmin role Steps to provide read-only access to reports for a schadmin Steps to create a schadmin role To create a schadmin role, do the following: 1. Add the schadmin role in the applicationContext-report-scheduling.xml file: a. Open the applicationContext-report-scheduling.xml file from the following path: apache-tomcat-x.x.xx/webapps/jasperserver-pro/WEB-INF b. Add the role ROLE_SCHEDULER_ADMIN for the property administratorRole in the bean reportJobVirtualAclService: <!-- Security --> <bean id="reportJobVirtualAclService" class="com.jaspersoft.jasperserver.api.engine.scheduling.security.ReportJobVirtualAclServiceImpl"> <property name="permissionGrantingStrategy" ref="reportJobVirtualPermissionGrantingStrategy"/> <property name="reportJobsInternalService" ref="reportJobsPersistenceHibernateService"/> <property name="sidRetrievalStrategy" ref="sidRetrievalStrategy"/> <property name="administratorRole" value="ROLE_SCHEDULER_ADMIN"/> </bean> c. Save the file. d. Restart Tomcat service. 2. Log in as a superuser. 3. In the main menu, select Manage>Roles. The Manage Roles page displays the roles defined for each organization and the properties for each role. Figure 1: Manage Roles page at root-level 4. Creating a schadmin role at the organization level: a. Click to select the root level in the Organizations panel on the left. b. Click the Add Role… button in the toolbar. The Add Role dialog appears. c. Enter the role name ROLE_SCHEDULER_ADMIN. The role name is also the role ID and does not accept spaces or special characters. Note: This role name should match with the schadmin role added in the file applicationContext-report-scheduling.xml in Tomcat. d. Click the Add Role… button to create the role. Figure 2: Adding a Role 5. Creating a read-only role at the organization-level: a. Click to select the organization level in the Organizations panel on the left. b. Click the Add Role… button in the toolbar. The Add Role dialog appears. c. Enter the role name ROLE_READ_ONLY. The role name is also the role ID and does not accept spaces or special characters. Figure 3: Manage Roles page at Organization-level d. Click the Add Role… button to create the role. The new role is included in the Roles panel. e. If you want to assign users to the role, then click the Edit button at the bottom of the Properties panel for the new role. 6. In the main menu, select Manage>Users. The Manage Users page displays the users in each organization and the properties of the selected user. 7. Create a new user with the name “schadmin” on Organization. Note: You can name the new user with any name. 8. Assign the newly created role ROLE_SCHEDULER_ADMIN to schadmin. Figure 4: Editing the members of a Role Scenarios for viewing schedules created by users having different roles Scenario 1: Schedules created by a joeuser are only available to that specific joeuser The following figure shows that the joeuser can view, edit, and delete their own scheduled jobs. Note: Joeuser has read-only access at the Reports folder level. This means that the joeuser does not have permission to save a scheduled report's output in the Reports folder. For joeuser to have this ability, a superuser needs to grant joeuser write access permission to the Reports folder. To provide folder-level permission for joeuser: 1. Log in as a superuser. 2. In the main menu, select View>Repository. The Repository page displays the folders available for each organization. You can either use an existing folder or create a new folder to assign permissions. 3. Right-click on the folder that you want to set permissions for, and select Permissions… from the context menu. The Permissions dialog opens showing the permissions in effect for that folder. The View by option is set to Role by default. Permissions that are inherited from an object's parent are indicated by asterisks (*). 4. Click User as the View by option to see a list of users and their associated permissions. 5. Locate the joeuser in this list, then select Read + Write + Delete from the associated dropdown. Figure 5: Schedules of joeuser Scenario 2: Schedules of both joeusers and schadmins are visible to a schadmin The following figure shows the read-only access of a schadmin at the root level and organization level. Figure 6: Schedules of joeuser and schadmin Scenario 3: Schadmin can delete the schedules of both schadmin and joeuser The following figure shows the steps for deleting the schedules for a schadmin at root level and a joeuser at organization level. Figure 7: Deleting schedules of both schadmin and joeuser Steps to provide read-only access to reports for a schadmin To provide read-only access to reports for a schadmin, do the following: 1. Log in as a superuser. 2. In the main menu, select View>Repository. The Repository page displays the folders available for each organization. Figure 8: Repository Folder Structure 3. In the Folders panel, locate root >Organizations>Organization>Reports. 4. Right-click on the Reports folder and select Permissions… from the context menu. The Permissions dialog opens showing the permissions in effect for the Reports folder. The View by option is set to Role by default. Permissions that are inherited from an object's parent are indicated by asterisks (*). Figure 9: Setting Permissions on Reports 5. Click User as the View by option to see a list of users and their associated permissions. 6. Assign the users with the following permissions: a. joeuser = Read + Write + Delete b. schadmin = Read Only Figure 10: Permissions dialog showing permissions by User 7. Click Role as the View by option to see a list of roles and their associated permissions. 8. Assign with the following permissions: a. ROLE_USER = Read Only b. ROLE_READ_ONLY = Read Only c. ROLE_SCHEDULER_ADMIN = Read Only Figure 11: Permissions dialog showing permissions by Role 9. Log in as a joeuser to verify that this specific joeuser has permission to delete reports specific to their organization. a. In the main menu, select View>Repository. b. In the Folders panel, locate Organization>Reports. The following figure shows that the Delete button is enabled for this joeuser. Figure 12: Delete Permissions are enabled for this joeuser 10. Log in as a schadmin to verify that this specific schadmin has permission to delete the reports of joeusers. a. In the main menu, select View>Repository. b. In the Folders panel, locate Organization>Reports. The following figure shows that the Delete button is disabled for this Scheduler Admin. Figure 13: Delete Permissions are disabled for this schadmin

Annotations Overview The span names and properties can be modified for better visibility on Jaeger. You can create an annotation by adding @WithSpan to the method. This creates a span for a method for which it is annotated with. These annotated method names appear under the Operations field in Jaeger UI. The following figure shows the @WithSpan annotation for one of the methods involved in the process of Scheduling. Adding Annotations Use cases for Adding Annotation You can add annotations in the method of the code to investigate the performance issues of JasperReports Server application during execution of the report. The performance of an application can be slow due to various reasons, for example, if a report is taking longer than usual to execute, in such cases adding annotations helps to break down the request time by detecting slow queries and capturing the exact places (spans) and the time spent in each major code area. For more information about various scenarios where adding annotations helped to improve the performance of JasperReports Server application, see https://community.jaspersoft.com/knowledgebase/how-to/how-to-investigate-the-performance-issues-of-scheduler-and-input-controls-in-the-jasperreports-server-r4635/ Adding @WithSpan and Creating Custom Spans Adding @WithSpan 1. Add the OpenTelemetry library in the following pom.xml of the corresponding java module in which the class resides. <dependency> <groupId>io.opentelemetry</groupId> <artifactId>opentelemetry-extension-annotations</artifactId> </dependency> 2. Import import io.opentelemetry.extension.annotations.WithSpan; 3. After importing add @WithSpan to the required method. Creating Custom Spans 1. Add the following dependency in the pom.xml for creating a span using the Span class: <dependency> <groupId>io.opentelemetry</groupId> <artifactId>opentelemetry-api</artifactId> <version>1.16.0</version> </dependency> 2. Import import io.opentelemetry.api.trace.Span; Methods for Adding Annotations The following are the main methods for adding annotations in the code. You need to set the following span names and properties for instrumenting the code: span = Span.current() span.updateName() span.setAttribute() For more information, refer to OpenTelemetry javadoc https://javadoc.io/doc/io.opentelemetry/opentelemetry-api-trace/latest/io/opentelemetry/api/trace/Span.html.

Use cases This section includes scenarios when tracing helped to improve the performance in the Scheduler and Input Controls of JasperReports Server application. Tracing Report execution triggered by Scheduler When running a report in JasperReports Server, Scheduled job took a longer duration than usual, which resulted in performance issues in JasperReports Server. We examined the application server logs to find out the issue, but could not detect anything in the application server logs. This issue was later detected by enabling tracing. Enabling tracing helped to detect slow queries by capturing the exact places (spans) and the time spent in each major code area. The following figure shows an example of the errors captured for the JasperReports Server Scheduler in Jaeger UI along with the logs. In this way all the hidden errors that remained undetected in the application server logs were found in Jaeger UI. Example of Error Captured by OpenTelemetry in Jaeger UI Example of Logs Captured by OpenTelemetry in Jaeger UI Tracing the execution of Report with Input Controls When running a report in JasperReports Server, the Input Controls dialog remained open for too long, which resulted in slow performance of the JasperReports Server application. We examined the application server logs to find out the issue, but could not detect anything in the application server logs. This issue was later detected by enabling tracing. Tracing helped to capture the time spent for running SQL queries of Input Control. This helped to find out the total time taken to resolve all the values and deliver them back in the REST API response. Enabling tracing of the report execution helps to find slow SQL queries, and can help to determine if these queries were sent by report or Input Controls. In Jaeger UI you can look for slow queries by checking the start time, total execution time, and the duration of each span. To enable tracing, you need to configure OpenTelemetry and Jaeger agents on the JasperReports Server application and cluster. For more information, refer to JasperReports Server Administrator Guide.