Row level security - Authorization issue

Posted on January 12, 2008 at 2:15am
I need to restrict users to a specfic organization_id (an integer key).

I do not mind joining from the fact table to a row level security table that associates user ids with an organization_id - is it simple to pickup up the JS user id as a parameter?

Thanks!
JasperReports® Server
dogfuel's picture
dogfuel
215
Joined: Aug 11 2007 - 10:24am
Last seen: 16 years 1 month ago

17 Answers:

Posted on January 20, 2008 at 12:55am
I'll rephrase ....
Is it possible to use the logged in JasperServer userid as a parameter in the report query (to constrain results to a subset of rows based on this id)?

Thanks!
dogfuel's picture
dogfuel
215
Joined: Aug 11 2007 - 10:24am
Last seen: 16 years 1 month ago
Posted on January 21, 2008 at 5:57am
Yes.

Code:
<br />
<parameter name="LoggedInUser" class="com.jaspersoft.jasperserver.api.metadata.user.domain.User"/><br />
<parameter name="LoggedInUsername" isForPrompting="false"><br />
  <defaultValueExpression>$P{LoggedInUser}.getUsername()</defaultValueExpression><br />
</parameter><br />
<queryString>SELECT .. WHERE .. $P{LoggedInUsername} ..</queryString><br />
</td></tr></tbody></table><br />
<br />
HTH,<br />
Lucian
lucianc's picture
lucianc
87357
Joined: Jul 17 2006 - 1:10am
Last seen: 2 hours 53 min ago
Posted on February 13, 2008 at 3:49pm
Is there a way I can call the LoggedInUser.getuserID()
or .getUserEMAIL()?
I would like to retrieve the user keys and/or user emails.

Thanks.
dogfuel's picture
dogfuel
215
Joined: Aug 11 2007 - 10:24am
Last seen: 16 years 1 month ago
Posted on February 14, 2008 at 7:24am
The User interface looks like:

Code:
<br />
public interface User extends AttributedObject {<br />
	<br />
	public String getUsername();<br />
	<br />
	public String getFullName();<br />
<br />
	public String getEmailAddress();<br />
<br />
	public boolean isExternallyDefined();<br />
<br />
	public boolean isEnabled();<br />
	<br />
	public Set getRoles();<br />
<br />
}<br />
</td></tr></tbody></table><br />
<br />
<br />
Sherman<br />
JasperSoft<br>Post edited by: swood, at: 2008/02/14 07:25
swood's picture
swood
24535
Joined: Jun 21 2006 - 12:48pm
Last seen: 10 years 11 months ago
Posted on February 16, 2008 at 2:57am
perfect - thank you
dogfuel's picture
dogfuel
215
Joined: Aug 11 2007 - 10:24am
Last seen: 16 years 1 month ago
Posted on April 28, 2008 at 4:18pm
I would like to use all/part of a special role as a parameter in a report. I would like to read through the Set of roles for a user, identify the 'special' role based on its format or a character and then return a string/integer to a parameter. Like getUsername.

What would be best; extend/modify the User Interface to include a function to do this, use a scriptlet, or create a stand alone java class? Extending or modifying the User interface is not ideal because I don't want to fix it each time I upgrade.

My goal is to reuse this parameter across many reports as a data source filter.
jeffv's picture
jeffv
349
Joined: Feb 17 2008 - 5:25am
Last seen: 15 years 7 months ago
Posted on April 29, 2008 at 12:10am
I have a solution that works, but is not ideal because it requires maintaining a separate user name table in Postgres. I will take suggestions for improvement.

I created a 'client user' table in Postgres that contains the user name as it appears in Jasper, the client key and boolean for active users. This table is added to all 'client' reports with a where clause to filter 'user_name' = $P{LoggedInUsername}.

I would much rather parse out the client key from a user role.

I tried using an input control, but it wouldn't work due to a SQL syntax error at "= $". Probably didn't have a value for the parameter at that time. Just guess.
jeffv's picture
jeffv
349
Joined: Feb 17 2008 - 5:25am
Last seen: 15 years 7 months ago
Posted on April 29, 2008 at 3:50am
I haven't quite followed everything you want to do, but I may be able to help with your current problem. Can you please post the definition (or a screen shot) for the parameter, the SQL for your query (the where clause should suffice), and a bit more info on the error?

Re: the error, did you run the report from iReport or JasperServer?

Mary
mmflynn's picture
mmflynn
3978
Joined: Sep 19 2006 - 5:43am
Last seen: 10 years 2 months ago
Posted on April 29, 2008 at 6:50pm
I want to reuse reports across many different client users. Each client user must only see their subset of data so the reports need to be filtered to their key.

My plan is to assign a key specific role to client users. The text for these roles would contain the clients unique key (6 digit interger). All client specific reports would be created with this filter; many users, one report, specific client data.

Here are the details of the input control:
* Single Select Query
* Mandatory = yes
* Query =
Code:
SELECT * FROM tbl_jasper_users WHERE user_name = $P{LoggedInUsername}</td></tr></tbody></table><br />
* Parameter works; it currently displays in a text field in the report<br />
<br />
Errors being returned:<br />
<font color=#0000FF><br />
</ol>com.jaspersoft.jasperserver.api.JSExceptionWrapper: net.sf.jasperreports.engine.JRException: Error executing SQL statement for : qrySelectKey<br />
<br />
net.sf.jasperreports.engine.JRException: Error executing SQL statement for : qrySelectKey<br />
<br />
org.postgresql.util.PSQLException: ERROR: syntax error at or near "= $"[/ol</font>]<br />
<br />
<br />
Full error is attached.<br />
<br />
Post edited by: jeffv, at: 2008/04/29 18:55 [file name=inputcontrolError.txt size=30341]http://www.jasperforge.org/components/com_joomlaboard/uploaded/files/inputcontrolError.txt[/file]<br>Post edited by: jeffv, at: 2008/04/29 18:58
jeffv's picture
jeffv
349
Joined: Feb 17 2008 - 5:25am
Last seen: 15 years 7 months ago
Posted on April 29, 2008 at 7:07pm
What Mary was asking was: Did you declare the LoggedInUser parameter in the JRXML? Like:

Code:
<br />
<parameter name="LoggedInUser" class="com.jaspersoft.jasperserver.api.metadata.user.domain.User"/><br />
</td></tr></tbody></table><br />
<br />
It has to be called "LoggedInUser".<br />
<br />
To get the user name as a parameter, create another parameter:<br />
<br />
<table align="center" border="0" cellpadding="3" cellspacing="1" width="90%"><tbody><tr><td><b>Code:</b></td></tr><tr><td><pre><br />
<parameter name="LoggedInUsername" class="java.lang.String"/><br />
    <defaultValueExpression ><![CDATA[$P{LoggedInUser}].getUsername()]></defaultValueExpression><br />
</td></tr></tbody></table><br />
<br />
Then you can use $P(LoggedInUsername} in your query.<br />
<br />
<br />
<br />
Sherman<br />
JasperSoft<br>Post edited by: swood, at: 2008/04/29 19:42
swood's picture
swood
24535
Joined: Jun 21 2006 - 12:48pm
Last seen: 10 years 11 months ago
Posted on April 29, 2008 at 8:00pm
Yes I did. I have used $P{LoggedInUsername} in a text field in the same report to make sure I am receiving the user name. It works fine.

I now want to use that parameter in the WHERE clause of an input control that will filter the list of keys available for that user.

JRXML file contains:
Code:
<parameter name="LoggedInUser" isForPrompting="true" class="com.jaspersoft.jasperserver.api.metadata.user.domain.User"/><br />
	<parameter name="LoggedInUsername" isForPrompting="false" class="java.lang.String"><br />
		<defaultValueExpression ><![CDATA[$P{LoggedInUser}.getUsername()]]></defaultValueExpression><br />
	</parameter></td></tr></tbody></table><br />
<br />
I am connecting to a Postgres database.<br>Post edited by: jeffv, at: 2008/04/29 20:02
jeffv's picture
jeffv
349
Joined: Feb 17 2008 - 5:25am
Last seen: 15 years 7 months ago
Posted on April 29, 2008 at 8:04pm
Ahh.. I see the final SQL is wrong.

Try:

Code:
<br />
...WHERE user_name = '$P{LoggedInUsername}'<br />
</td></tr></tbody></table><br />
<br />
<br />
Sherman<br />
JasperSoft
swood's picture
swood
24535
Joined: Jun 21 2006 - 12:48pm
Last seen: 10 years 11 months ago
Posted on April 30, 2008 at 6:33pm
Teodor pointed out to me that you don't need the single quotes in the query.

And I did not read all your details properly, so I gave the wrong advice - sorry!

Looking at it again, you cannot filter the query input control in the way you are wanting. Could you log an enhancement?


Sherman
JasperSoft
swood's picture
swood
24535
Joined: Jun 21 2006 - 12:48pm
Last seen: 10 years 11 months ago
Posted on April 30, 2008 at 9:49pm
Thanks, at least I'll quit trying to go that route. How can I extract the string from the collection/set of Roles return by the LoggedInUser?

Where do I log an enhancement request?
jeffv's picture
jeffv
349
Joined: Feb 17 2008 - 5:25am
Last seen: 15 years 7 months ago
Posted on July 1, 2008 at 6:36pm
Hi,

Does anyone know if it is possible to reference custom attributes from ldap entry through the LoggedInUsername in a sql? If not, could it be done any other way?
I'm trying to reference attributes like Region, Location, Timezone any custom attribute....
Something like

select * from table where
region = '$P{LoggedInUsername}.region'

Thanks

Post edited by: zhu001, at: 2008/07/01 18:37
Post edited by: zhu001, at: 2008/07/01 18:38
zhu001's picture
zhu001
183
Joined: Jun 27 2008 - 4:20am
Last seen: 15 years 3 months ago
Posted on April 27, 2010 at 7:40am

hi,

i have implemented the row level security in the same way, but when i use those reports in my dashboard

(using jasperserver pro 3.7.2)

i get the following error even after supplying all the default values:

The report is missing default values for atleast one mandatory parameter.

 

Please suggest the resolution

shivaligandhi's picture
shivaligandhi
145
Joined: Apr 26 2010 - 3:48am
Last seen: 13 years 5 months ago
Posted on July 24, 2012 at 5:34am

 I have similar problem in getting the logged in organization/tenant id & using them in the SQL query.

I used a parameter & captured the organization/tenant id as below, 

<parameter name="LoggedInUser" class="com.jaspersoft.jasperserver.api.metadata.user.domain.User"/>

<parameter name="LoggedInTenantId" class="java.lang.Integer" isForPrompting="false">

<defaultValueExpression><![CDATA[$P{LoggedInUser}.getTenantId()]]></defaultValueExpression>

</parameter>

And printed this parameter in the main report - the proper value gets printed. 

I have a input control whose SQL Query is as below, 

select id, name from team_mst where TEAM_ID in (select team_id from access_mst where USER_ID = (Select USER_ID from user_mst where USER_NAME = '$P!{LoggedInUsername}' and ENTERPRISE_ID =  $P!{ LoggedInTenantId} ) and ENTERPRISE_ID =  $P!{ LoggedInTenantId} ) and VIR_TEAM_TYPE in (0,2) and DEACTIVATED = 0;

Before loading the main report the input control query itself fails with error as,

2012-07-24 17:00:37,881 ERROR errorPage_jsp,http-8080-1:487 - stack trace of exception that redirected to errorPage.jsp

net.sf.jasperreports.engine.JRRuntimeException: Parameter "LoggedInTenantId" does not exist.

at net.sf.jasperreports.engine.query.JRAbstractQueryExecuter.checkParameter(JRAbstractQueryExecuter.java:627)

atnet.sf.jasperreports.engine.query.JRAbstractQueryExecuter.appendParameterClauseChunk(JRAbstractQueryExecuter.java:347)

at net.sf.jasperreports.engine.query.JRAbstractQueryExecuter.appendQueryChunk(JRAbstractQueryExecuter.java:262)

at net.sf.jasperreports.engine.query.JRAbstractQueryExecuter.parseQuery(JRAbstractQueryExecuter.java:247)

 

The parameter have been defined. I'm not sure what is required here... & how can we resolve this...PLease anyone can show some pointer or help ...

I have attached the JRXML that I'm using..

janardhanam's picture
janardhanam
38
Joined: Jul 24 2012 - 5:09am
Last seen: 11 years 2 months ago
Feedback
randomness