Managing organizations

JReport Server administrator can organize users into different groups with the organization feature. An organization is a group of users that has its own administrator. The organization administrator can define which users can use which dynamic connections within the organization.

There are two types of admin in the server security system:

• Root admin
  The administrator who has the administrators role. It must be a non-organization user. Root admin can manage all the dynamic connections.
• Organization admin
  The administrator who has the administrators role in an organization. Organization admin can manage dynamic connections for users/groups/roles in the organization.

There are two types of normal users in the server security system:

• Non-organization users
  Belong to no organizations.
• Organization users
  Belong to specific organizations.

Organization is a separately licensed feature of JReport Server. It is installed together with JReport Server so only the license key needs to be updated to enable it to work. To find out how to license Organization please contact Jinfonet sales at sales@jinfonet.com or contact your Enterprise Account Manager.

When organization is enabled, you need to specify the organization name before logging in JReport Server. The available organizations are listed in the drop-down list for selection. The organization item System means that the login user is a non-organization user. For organization users, the correct organization name must be provided, otherwise they cannot log in.

When organization is disabled, only non-organization users can log in.

Organization definition

Within each organization, there is a built-in admin and two built-in roles:

• Built-in admin
  • The full name of the default admin is organization administrator, also as organization admin.
  • The default admin's user name is admin.
  • The default admin password is admin, which could be changed by the organization admin itself. If the password is forgotten, the JReport root admin can retrieve it since the root admin can reset password for all users.
  • The default admin owns the administrators role and everyone role by default, and it must always have the administrators role.
• Two built-in roles
  • administrators
    It has no parent role by default. It enables Publish and Advanced Properties privileges by default.
  • everyone
    It has no parent role by default. It disables Publish and Advanced Properties privileges by default.

Organization name cannot be System since the name has been used for the category name to represent non-organization users.

Organization users and non-organization users

Users, groups, and roles created in an organization are called organization users/groups/roles. And users, groups, and roles that do not belong to any organization are called non-organization users/groups/roles. When upgrading from a version earlier than version 13, the users, groups, and roles in the earlier version are all regarded as non-organization principals.

An organization user/group/role can belong to any other non-organization group/role, but a non-organization user/group/role cannot belong to any organization group/role. An organization user/group/role cannot belong to any group/role of other organizations.

Organization admin cannot add users/groups/roles to non-organization groups/roles. Only root admin can do that.

The naming rule of an organization user is composed of the organization name and the user name separated by \. The format is [Organization Name]\[User Name]. For example, a\b, here a is the organization name and b is the user name.

If organization is disabled, the organization users/groups/roles will not be supported. However the information will be saved in the server and can be retrieved next time when organization is enabled again.

Relationship with dynamic connections

The dynamic connections are categorized at the organization level. If the root admin creates a dynamic connection, the connection maps to no organization. If an organization admin creates a dynamic connection, the connection maps to the organization.

If a dynamic connection is defined in an organization, all users/groups/roles must be from the same organization. If a connection is defined in non-organization, all users/groups/roles must be from non-organizations.

Root admin can define, view and edit all the dynamic connections.

Creating organizations

The root admin can create and delete organizations.

To create an organization:

1. On the JReport Administration page, click Configuration on the system toolbar and then select Organizations from the drop-down menu.
2. In the Organizations panel, click the Create link. The Create Organization dialog is displayed. See the dialog.

   

3. Specify the name of the organization, the maximum number of users allowed in the organization, and the description about the organization, then click OK.

   The organization will be created and listed in the Organizations panel.

See also Create Organization dialog for details about the options in the dialog.

In the Organizations panel, the root admin can further edit the maximum number of users in the organizations, or delete the organizations that are not required.

• To edit the maximum number of users in an organization, double-click its number in the Max Number of Users column to enter the edit mode. Select a value from the drop-down list or input an integer number in the combo box directly, then click outside of the combo box to accept the change. The x in the combo box is used to clear the input text.
• To delete an organization, select the checkbox ahead of the organization and then click Delete. To delete all the organizations at a time, select the checkbox on the column header and then click Delete.

JReport Administration page for organization admin

After the root admin create an organization, the organization admin of the organization will be able to log in JReport Server by the default user name admin and the default password admin.

On the JReport Administration page, the organization admin is able to define users, groups, roles, and dynamic connections for the users within the organization.

The JReport Administration page contains two tabs on the system toolbar for organization admin:

• Configuration
  The Configuration tab displays the Dynamic Connections panel directly. The organization admin can define dynamic connection for the users in the organization.
• Security
  The security tab contains four items: User, Group, Role, and Privilege. For each item the UI is the same as that on the normal JReport Administration page. The differences are that organization admin can only see the users/groups/roles in the organization and cannot change the realm.

Connecting to JReport Server from JReport Designer

In JReport Designer, when publishing resources to JReport Server or synchronizing server users for CLS/RLS/MLS, you need to connect to the server firstly. In the Connect to JReport Server dialog, User Name should include the organization name when organization is enabled and when the user is an organization user. Use \ to separate the organization name and the user name, for example, org1\user1.

Accessing JReport Server Monitor

Only the root admin can log onto JReport Server Monitor and see both organization and non-organization information.