Domain Security File with Profile Attribute


I am defining domain security using profile attribute, but i am not able to do it.

below is my security file. Can anyone tell me what is missing in this file?

            <resourceAccessGrant id="JoinTree_1__row_grant">
                      <![CDATA[authentication.getPrincipal().getAttributes().any{ it.getAttrName() in ['storecity'] }]]>
            <filterExpression>public_store.store_city in (groovy('authentication.getPrincipal().getAttributes().find{ it.attrName == "storecity" }.attrValue'))</filterExpression>


juser2013's picture
Joined: Mar 19 2013 - 3:47am
Last seen: 8 years 10 months ago

3 Answers:

You need stuff around this - the example in the Ultimate Guide has this much:

<securityDefinition xmlns="" version="1.0" itemGroupDefaultAccess="granted">
<!-- Row level security -->
<!-- What access do roles/users have to the rows in the resource? -->
<resourceAccessGrantList id="JoinTree_1_List" label="ListLabel"
<!-- Row level for Cities -->
<resourceAccessGrant id="Jointree_1_row_access_grant_20">
{it.attrName in ['Cities'] }]]></principalExpression>
<!-- Row level for Product Dept -->
<resourceAccessGrant id="Jointree_1_row_access_grant_30">
{it.getAttrName() in ['ProductDepartment'] }]]></principalExpression>

Have you set up the profile attributes you want for your users?  I also normally use the testProfileAttribute function instead of the groovy - is there some reason you are doing it that way? What version of JRS are you using?

elizam's picture
Joined: Mar 5 2012 - 9:19am
Last seen: 2 years 4 months ago

In case you haven't already, you should look at the Ultimate Guide, which goes into row security in detail. The link to an earlier PDF of the Ultimate Guide is here:

The HTML version should be up soon.

elizam - 8 years 10 months ago

Thanks Elizam !!!  This is working fine now. I was doing it from the JasperReport Server User Guide. In that, only Groovy example is given. I am using 5.0.1 version.

I tried with TestProfileAttribute earlier, but it was working. I dont know why?? 

Can you tell me what is the difference between this two - 

1) <![CDATA[authentication.principal.attributes.any{it.attrName in ['Cities'] }]]>

2) <![CDATA[authentication.getPrincipal().getAttributes().any{it.getAttrName() in ['ProductDepartment'] }]]>

There is no such reason for using Groovy, I wanted to apply security using Profile Attribute and I got example of groovy. 

Thanks once again !!



juser2013's picture
Joined: Mar 19 2013 - 3:47am
Last seen: 8 years 10 months ago

Here its a video of Domain Security from the Dr Jaspersoft:

More Videos:

mbamania's picture
Joined: May 18 2020 - 7:28am
Last seen: 11 hours 47 min ago