Basic Row Security Question

Hi, I'm trying to implement some basic row security. For this example I have two Roles (User and Admin). Admins should see all rows, Users only see rows where the Created_By field matches their UserId. When I use the below xml, I see all rows of data regardless of the user's Role. What am I doing wrong?

I've tried several things and I'm wondering if the security file simply isn't being applied to my report. Thoughts?

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
    <resourceAccessGrants>
        <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
            <resourceAccessGrants>
                <resourceAccessGrant id="Jointree_1_row_access_grant_1">
                    <principalExpression>
                        authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_MY_USER'] }
                    </principalExpression>
                    <filterExpression>
                        DCIRS_FILE0.CREATED_BY == groovy('authentication.getPrincipal().getId()')
                    </filterExpression>
                </resourceAccessGrant>
            </resourceAccessGrants>
        </resourceAccessGrantList>
    </resourceAccessGrants>
</securityDefinition>
jclarke

How are you applying the security file to the report?

kcollins - 9 years 3 months ago

In the edit domain screen on jasperserver I am using the add security file link, select the file off my local computer and upload. It passes the format/parse check and uploads successfully.

jclarke - 9 years 3 months ago

1 Answer:

I don't know if this will solve your problem, but you have a typo:

  DCIRS_FILE0.CREATED_BY == groovy('authentication.getPrinciple().getId()')

getPrinciple should be getPrincipal

elizam

Thanks, I caught that typo too. Fixed it and no luck. I've also tried with the default being denied as well and still always get a full list back. I think this file is being ignored.

jclarke - 9 years 3 months ago

Should it be ROLE_USER instead of ROLE_MY_USER?

elizam - 9 years 3 months ago
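
The two checks suggested in this thread (the getPrinciple typo and whether the role name in the principalExpression actually exists) can be run against a security file before uploading it. The script below is an added example, not code from any participant in the thread or from Jaspersoft; `lint_security_file`, `KNOWN_ROLES` and the embedded sample file are hypothetical names and constructed data.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://www.jaspersoft.com/2007/SL/XMLSchema"
# Assumption: the roles that actually exist on the server (constructed list).
KNOWN_ROLES = {"ROLE_USER", "ROLE_ADMINISTRATOR"}
# Constructed sample that reproduces the two points raised in the thread.
SAMPLE = """<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema"
    version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
      <resourceAccessGrants>
        <resourceAccessGrant id="Jointree_1_row_access_grant_1">
          <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_MY_USER'] }</principalExpression>
          <filterExpression>DCIRS_FILE0.CREATED_BY == groovy('authentication.getPrinciple().getId()')</filterExpression>
        </resourceAccessGrant>
      </resourceAccessGrants>
    </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>"""

def lint_security_file(xml_text, known_roles=KNOWN_ROLES):
    """Return a list of findings for a domain security file."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}securityDefinition" % NS:
        findings.append("root is not securityDefinition in namespace " + NS)
    grants = root.findall(".//{%s}resourceAccessGrant" % NS)
    if not grants:
        findings.append("no resourceAccessGrant elements found")
    for grant in grants:
        gid = grant.get("id", "?")
        principal = grant.findtext("{%s}principalExpression" % NS) or ""
        row_filter = grant.findtext("{%s}filterExpression" % NS) or ""
        if not principal.strip():
            findings.append(f"{gid}: missing principalExpression")
        # Role names are the quoted ROLE_* literals in the principal expression.
        for role in re.findall(r"'(ROLE_[A-Za-z0-9_]+)'", principal):
            if role not in known_roles:
                findings.append(f"{gid}: role {role} is not a known role")
        # Typo pointed out in the thread: getPrinciple instead of getPrincipal.
        for expr in (principal, row_filter):
            if "getPrinciple" in expr:
                findings.append(f"{gid}: getPrinciple should be getPrincipal")
    return findings

if __name__ == "__main__":
    for finding in lint_security_file(SAMPLE):
        print(finding)
```
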