Basic Row Security Question

1
Hi, I'm trying to implement some basic row security. For this example I have two Roles (User and Admin). Admins should see all rows, Users only see rows where the Created_By field matches their UserId. When I use the below xml, I see all rows of data regardless of the user's Role. What am I doing wrong?

I've tried several things and I'm wondering if the security file simply isn't being applied to my report. Thoughts?

<securitydefinition itemgroupdefaultaccess="granted" version="1.0" xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema">
    <resourceaccessgrants>
        <resourceaccessgrantlist id="JoinTree_1_List" label="ListLabel" resourceid="JoinTree_1">
            <resourceaccessgrants>
                <resourceaccessgrant id="Jointree_1_row_access_grant_1">
                    <principalexpression>
                        authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_MY_USER'] }
                    </principalexpression>
                    <filterexpression>
                        DCIRS_FILE0.CREATED_BY == groovy('authentication.getPrincipal().getId()')
                    </filterexpression>
                </resourceaccessgrant>
            </resourceaccessgrants>
        </resourceaccessgrantlist>
    </resourceaccessgrants>
 
</securitydefinition>
jclarke's picture
Joined: Dec 11 2013 - 6:36am
Last seen: 4 years 7 months ago

How are you applying the security file to the report?

kcollins - 5 years 7 months ago

In the edit domain screen on jasperserver I am using the add security file link, select the file off my local computer and upload.  It pases the format/parse check and uploads successfully.

jclarke - 5 years 7 months ago

1 Answer:

0

I don't know if this will solve your problem, but you have a typo:

  DCIRS_FILE0.<span style="color: #006633;">CREATED_BY</span> <span style="color: #339933;">==</span> groovy<span style="color: #009900;">(</span><span style="color: #0000ff;">'authentication.getPrinciple().getId()'</span><span style="color: #009900;">)</span>

getPrinciple should be getPrincipal

elizam's picture
3854
Joined: Mar 5 2012 - 9:19am
Last seen: 1 month 6 days ago

Thanks, I caught that typo too. Fixed it and no luck. I've also tried with the default being denied as well and still always get a full list back. I think this file is being ignored.

jclarke - 5 years 7 months ago

Should it be ROLE_USER instead of ROLE_MY_USER?

elizam - 5 years 7 months ago
Feedback
randomness