Basic Row Security Question

Hi, I'm trying to implement some basic row security. For this example I have two Roles (User and Admin). Admins should see all rows, Users only see rows where the Created_By field matches their UserId. When I use the below xml, I see all rows of data regardless of the user's Role. What am I doing wrong?

I've tried several things and I'm wondering if the security file simply isn't being applied to my report. Thoughts?

<securitydefinition itemgroupdefaultaccess="granted" version="1.0" xmlns="">
        <resourceaccessgrantlist id="JoinTree_1_List" label="ListLabel" resourceid="JoinTree_1">
                <resourceaccessgrant id="Jointree_1_row_access_grant_1">
                        authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_MY_USER'] }
                        DCIRS_FILE0.CREATED_BY == groovy('authentication.getPrincipal().getId()')
jclarke's picture
Joined: Dec 11 2013 - 6:36am
Last seen: 8 years 3 months ago

How are you applying the security file to the report?

kcollins - 9 years 3 months ago

In the edit domain screen on jasperserver I am using the add security file link, select the file off my local computer and upload.  It pases the format/parse check and uploads successfully.

jclarke - 9 years 3 months ago

1 Answer:

I don't know if this will solve your problem, but you have a typo:

  DCIRS_FILE0.<span style="color: #006633;">CREATED_BY</span> <span style="color: #339933;">==</span> groovy<span style="color: #009900;">(</span><span style="color: #0000ff;">'authentication.getPrinciple().getId()'</span><span style="color: #009900;">)</span>

getPrinciple should be getPrincipal

elizam's picture
Joined: Mar 5 2012 - 9:19am
Last seen: 2 years 7 months ago

Thanks, I caught that typo too. Fixed it and no luck. I've also tried with the default being denied as well and still always get a full list back. I think this file is being ignored.

jclarke - 9 years 3 months ago

Should it be ROLE_USER instead of ROLE_MY_USER?

elizam - 9 years 3 months ago