Setting up a connection-scope security policy
To set up a connection-scope security policy, or in other words, to add a data source security entry to a data source connection in a catalog, follow the steps below:
- In JReport Designer, open the required catalog, then in the Catalog Browser, select the data source to which you want to add the security policy.
- Right-click Security Entry under the Security node and then select Add Security Entry from the shortcut menu.
- In the Input Security Name dialog, enter a name for the security policy, click OK, and the Security dialog will be displayed. See the dialog.
- In the User/Group/Role panel, click to add users, roles, and groups manually or by importing from an XML file or from JReport Server.
To edit a user/role/group, select it and click . In the corresponding edit dialog, edit it as required.
To delete a user/role/group that is not wanted, select it and click .
- Make a user/role/group selected.
- To apply record-level security, check the Valid RLS box. To apply column-level security, check the Valid CLS box.
- Leave the Disable Policy Settings option unchecked.
- In the Record Level Security tab, specify the security conditions for the user/role/group.
To build condition statements, specify the expression in the first field. It can be DBFields, formulas, parameters, or some special fields. Select an operator from the Operator drop-down list, and then specify the value to complete the editing of a row. If you want to append a new row, in the More drop-down list, select AND or OR.
Values |
Description |
AND |
Specifies the relationship between two expression statements as logical AND. If this line is the last line in the expression list, when you select AND or OR, a new line will be appended to the end of the list. |
OR |
Specifies the relationship between two expression statements as logical OR. If this line is the last line in the expression list, when you select AND or OR, a new line will be append to the end of the list. |
Insert Row |
Inserts a new line behind the current line. |
Delete Row |
Deletes the current line. |
New Group |
Adds a new expression group to the list. The relationships between two groups can be:
- AND - Logical AND relationship between two groups. Records satisfying both condition groups will be retrieved.
- OR - Logical OR relationship between two groups. Records satisfying either one of the condition groups will be retrieved.
- AND NOT - Records satisfying the first and not the second condition group will be retrieved.
- OR NOT - Records satisfying the first or not the second condition group will be retrieved.
|
- In the Column Level Security tab, make a choice:
- Check the Select Column option and check the boxes to select the DBFields, formulas, parameters, or summaries. You can set the selected items to be shown or hidden from the user/role/group by checking the Allow or Deny option. For the unselected columns, the user/role/group will have no permission on them.
- Choose Allow all to show all the columns to the user/role/group.
- Choose Deny all to hide all the columns from the user/role/group.
- Repeat steps 5 to 9 to customize another principal's record-level security and column-level security settings.
- If necessary, you can export the security information defined in the security policy to an XML file.
- Upon finishing, click the OK button to create the security policy.
Once a security entry is created, you can further edit it, rename it, or delete it according to your requirement. To do this, right-click the security entry in the Catalog Browser resource tree and select the corresponding option on the shortcut menu.
Adding principals manually
To add a user:
- Click in the User/Group/Role panel and then select Add User from the drop-down menu. The Add User dialog is displayed. See the dialog.
- In the General tab, specify the name, e-mail address, and description for the user.
- In the Relation tab, from the Roles box select the roles that you would like the user takes, and then from the Groups box select the groups to which you want the user belongs.
- Click OK to create the user.
To add a group:
- Click in the User/Group/Role panel and then select Add Group from the drop-down menu. The Add Group dialog is displayed. See the dialog.
- In the General tab, specify the name and description for the group.
- In the Relation tab, from the Users box select the users that you would like to add to the group, and then from the Roles box select the roles to add to the group.
- Click OK to create the group.
To add a role:
- Click in the User/Group/Role panel and then select Add Role from the drop-down menu. The Add Role dialog is displayed. See the dialog.
- In the General tab, specify the name and description for the role.
- In the Relation tab, from the Users box select the users that you would like to add the role to, and then from the Groups box select the groups to add the role to.
- Click OK to create the role.
Importing security information from JReport Server
Besides defining users, roles and groups in JReport Designer, you can also use the users, roles and groups defined in JReport Server by importing them from the server. Before importing, make sure that JReport Server has been started. Then:
- Click in the User/Group/Role panel and then select Import from JReport Server from the drop-down menu.
- In the Import from JReport Server dialog, specify the server information as required. See the dialog.
- Specify whether to replace or merge users, roles and groups with JReport Server by checking the corresponding radio button.
- Click OK to start importing.
Importing/exporting security information from/to external XML files
You can import or export your security information from/to external XML files (*.acl.xml).
- To import the security information from an XML file, click in the User/Group/Role panel and then select Import from File from the drop-down menu. In the Open an xml file dialog, select the XML file that contains the required security information and then click Open.
- To export the security information to an XML file, click in the User/Group/Role panel. In the Save dialog, specify the name of the file and the location where to save it, then click Save.
The security information contained in the XML file is shown as follows:
You can create your own XML format security information files according to the above structure. However, the best way to generate an XML security information file is to use the Security dialog. With this dialog, you can edit the security information, and then export it to an external XML file.
For example, if the simple security policy has been set up as follows:
USER |
User Name: |
d_d_u1 |
Belongs to Role: |
d_d_r1 |
Permissions: |
(@"Customer ID">=5 AND @"Customer ID"<=10) AND @"YTD Sales"<=65000 |
ROLE |
Role Name: |
d_d_r1 |
Belongs to User: |
d_d_u1 |
The corresponding XML code would be:
<ACL version="1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ACLEntry>
<User>
<Roles>d_d_r1</Roles>
<UserName>d_d_u1</UserName>
<SourceName>UserDefined</SourceName>
</User>
<Permission>
<PermissionType>RLS</PermissionType>
<PermissionName>visible</PermissionName>
<Policy>
<SCGroup>
<AndCondition>
<logic>AND</logic>
<Left>@"Customer ID"</Left>
<operator>>=</operator>
<Right>5</Right>
</AndCondition>
<AndCondition>
<logic>AND</logic>
<Left>@"Customer ID"</Left>
<operator><=</operator>
<Right>10</Right>
</AndCondition>
</SCGroup>
<SCGroup>
<AndCondition>
<logic>End</logic>
<Left>@"YTD Sales"</Left>
<operator><=</operator>
<Right>65000</Right>
</AndCondition>
</SCGroup>
</Policy>
</Permission>
</ACLEntry>
<ACLEntry>
<Role>
<RoleName>d_d_r1</RoleName>
<Users>d_d_u1</Users>
<SourceName>UserDefined</SourceName>
</Role>
<Permission>
<PermissionType>RLS</PermissionType>
<PermissionName>visible</PermissionName>
<Policy></Policy>
</Permission>
</ACLEntry>
</ACL> |
Note: If you want to use XML security information, you must first purchase a special license. For more information, contact Jinfonet Support (support@jinfonet.com).