Dear all,
I have following scenario: (jasperserver 4.7, ireport 4.7)
I have created 3 line chart (3 jrxml) with same parameters TIME and COUNTRY.
Further, user profile attribute "ROLE_R03018" is involved.
I have 2 users which have access to that three reports.
User 1: user profile attribute COUNTRY => "AT, DE, SK, IN,..." (in sum: 100 country codes)
User 2: user profile attribute COUNTRY => "AT, DE" (only two!)
If I call each report (=> each chart) with user 1, he will see all countries.
If i call each report (=> each chart) with user 2, he will see only two country.
=> row based security works!!
If user 1 creates the dashboard, all users, which have access to that dashboard will see all countries.
(independet of user profile attribute !!!)
If user 2 created the dashboard, all users will see only two countries.
In that case, the row based security does not work! why???
In database I found following records:
dashControlFrameParamName => "LoggedInUserAttribute_ROLE_R03018"
dashControlFrameParamValue =>"AT, DE, SK, IN,..." (in sum: 100 coutry codes)
dashControlFrameDefaultParamValue =>"AT, DE, SK, IN,..." (in sum: 100 coutry codes)
(in case of user 1 is created dashboard)
dashControlFrameParamName => "LoggedInUserAttribute_ROLE_R03018"
dashControlFrameParamValue =>"AT, DE"
dashControlFrameDefaultParamValue =>"AT, DE"
(in case of user 1 is created dashboard)
What can I do, that the row based security also work in case of calling reports in a dashbaord? thanks and best regard
I have following scenario: (jasperserver 4.7, ireport 4.7)
I have created 3 line chart (3 jrxml) with same parameters TIME and COUNTRY.
Further, user profile attribute "ROLE_R03018" is involved.
I have 2 users which have access to that three reports.
User 1: user profile attribute COUNTRY => "AT, DE, SK, IN,..." (in sum: 100 country codes)
User 2: user profile attribute COUNTRY => "AT, DE" (only two!)
If I call each report (=> each chart) with user 1, he will see all countries.
If i call each report (=> each chart) with user 2, he will see only two country.
=> row based security works!!
If user 1 creates the dashboard, all users, which have access to that dashboard will see all countries.
(independet of user profile attribute !!!)
If user 2 created the dashboard, all users will see only two countries.
In that case, the row based security does not work! why???
In database I found following records:
dashControlFrameParamName => "LoggedInUserAttribute_ROLE_R03018"
dashControlFrameParamValue =>"AT, DE, SK, IN,..." (in sum: 100 coutry codes)
dashControlFrameDefaultParamValue =>"AT, DE, SK, IN,..." (in sum: 100 coutry codes)
(in case of user 1 is created dashboard)
dashControlFrameParamName => "LoggedInUserAttribute_ROLE_R03018"
dashControlFrameParamValue =>"AT, DE"
dashControlFrameDefaultParamValue =>"AT, DE"
(in case of user 1 is created dashboard)
What can I do, that the row based security also work in case of calling reports in a dashbaord? thanks and best regard
comments didn't format well, see answer below.
- Log in or register to post comments
add comment
3 Answers:
Posted on December 28, 2012 at 10:42am
There isn't enough information here to be sure what is going on. Some things that might give more information:
Can you show us your domain security file?
Can you show us the file you used to create the profile attributes?
Can you tell us exactly where you found those records in the database? (what table, etc.)?
In your records example, you have the same LoggedInUserAttribute in both cases. You also say "in case user 1 created dashboard" for both cases. So perhaps look at your example more closely.
Parameters and profile attributes work independently, so make sure you are not trying to use parameters instead of profile attributes for security. You need the pro version for Domains, which are what is used for row-based security.
Posted on January 8, 2013 at 3:21am
Dear Elizam,
sorry for late feedback, I was on a business trip.
there is no domain security file - for this I am using only a datasource (data base) connection direct to a table source.
For profile attributes I am using following statement:
INSERT INTO JIProfileAttribute
(id, attrName,attrValue,principalobjectclass,principalobjectid)
values(nextval('public.hibernate_sequence'),'ROLE_R03018','''AT'',''DE'',''SK''','com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser',45313);
I found the records in table "jidashboardframeproperty".
Depend on the user profile attribute of user (user 1 or user 2), which creates the dashboard, all other user will see respective countries of this user.
It is correct, I am using "parameters" which include profile attribute in the where clause (sql) of loggedin user. loggedin user should see only allowed countries.
Parameter Country is a multi-select query input control and sql statement looks like as follow:
select country_code, country_name from country where country_code IN ($P!{LoggedInUserAttribute_ROLE_R03018})
best regards
sorry for late feedback, I was on a business trip.
there is no domain security file - for this I am using only a datasource (data base) connection direct to a table source.
For profile attributes I am using following statement:
INSERT INTO JIProfileAttribute
(id, attrName,attrValue,principalobjectclass,principalobjectid)
values(nextval('public.hibernate_sequence'),'ROLE_R03018','''AT'',''DE'',''SK''','com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser',45313);
I found the records in table "jidashboardframeproperty".
Depend on the user profile attribute of user (user 1 or user 2), which creates the dashboard, all other user will see respective countries of this user.
It is correct, I am using "parameters" which include profile attribute in the where clause (sql) of loggedin user. loggedin user should see only allowed countries.
Parameter Country is a multi-select query input control and sql statement looks like as follow:
select country_code, country_name from country where country_code IN ($P!{LoggedInUserAttribute_ROLE_R03018})
best regards
Posted on January 22, 2013 at 2:37pm
