In addition to the security system based on users, groups and roles, JReport Server also supports a role based security system in which permissions are defined on roles only, and users and groups are mapped to roles.
To switch to the role based security system, you can use either of the following two methods:
Check the Role Based Authorization option on the JReport Administration page > Configuration > Advanced panel.
By default, the option is unchecked and the security mechanism of setting permissions for users, groups and roles is applied. If the option is checked, the Permission Setting UI Displays option will be hidden automatically, since it is used to control UI display and is of no use in the role based security environment.
In the server.properties file, set server.rolebased.authorization to true.
In this case, the following three properties will not take effect since they control UI display of setting user/group/role permissions:
server.ui.set_permissions.group
server.ui.set_permissions.role
server.ui.set_permissions.user
If the role based security system is used, in both the JReport Administration page (port 8889 by default) and Console page (port 8888 by default), when you set permissions of a resource node, there are only roles displayed. Role only based security is similar to Java EE security where the developer assigns roles and during deployment users and groups can be mapped to the roles so if you are already using Java EE security, this would be the best method.