I have a business database where some users (role Manager) have access to multiple and different "sites" (there are numerous combinations, so having a different role for each is out of purpose - managed sites evolve during time).
I need to provide row level security where each Manager has only access to his sites data.
From what I read for now, domain seems the way to go but on every sample I found (as this one), user profile attributes are "hardly set" in the database/user profile attribute configuration.
Is there a way to dynamically get sites from the business database? Shall we synchronize business database with user profile attributes?
I didn't find any clue in the Authentication cookbook.
What's the best practice on this?
Finally, it is not very clear for me, is Domain only a commercial feature?
Domain is a commercial edition feature that is not available in JRS community edition of the product. In the current version of JRS-Pro (AKA commercial edition) 5.5, user can use user profile attribute to secure/select its data. User can code their own Java logic to create or update user profile table entries through external authentication custom processor. This is discussed in JasperReports Server Authentication Cookbook, section 6.3 "Creating a Custom Processor".
In the upcoming JRS 5.6 release (in May 2014), its external authentication framework will allow token based protocol that user can inject user profile data through SSO directly.
Thank tchen for your answers, it is exactly what I need to know.