Knowledge Base (Display) Knowledge Base (Display)

How to define reports access permissions

How to define reports access permissions

With Visioneo PE we publish BIRT reports in 'document & media' folders, taking advantage of all  portal features including access permissions

Folder permissions

By using a portal repository, we can define precisely which reports a user role is allowed to run ! These access permissions can be set either on a portal subfolder containing reports (Liferay makes use of permission inheritance) or directly on specific report documents ".rptdesign".

Usually this awesome feature is reserved to extremely expensive reporting software. Though portlet applications offer many benefits, the ability to use the  security layer of portals is one of them! In this example we edit permissions of a folder named "Professional", and we remove access permission to guest users:

Assuming guest users have a read access on other subfolders, here is what a guest would see by opening  the report browser in "debug mode". Please note normally that folder "Professional" would not be displayed at all , we show it here in debug mode for a demonstration purpose:

Security Exception

Here is a typical use case raising a security exception: let's assume a webmaster wants to create a new page including a visioneo portlet window.

  • He adds a new portal page with a guest access permission
  • He adds a Visioneo portlet window with a guest access permission
  • However he selects a report from our "Professional" folder which has a member access only ("access" and "view" permissions are disabled for guest users, such on screenshot above)

If a guest user lands on that page an exception such below occurs. Permissions are dynamically taken into consideration: in this example if we edit the sample folder "Professional" and give access permission to guests, the report is displayed as expected as soon as the page is refreshed!

Of course in a normal use you will never see this exception, because administrators will make page permissions and report permissions consistent. This is a safeguard ensuring your sensitive reports can't be accessed in any way by unauthorized users .

Try it yourself! On visioneo.org, for a demo purpose a reports folder "Members only" has been created: we need to be logged as a portal user to run reports of this folder, otherwise a security exception is thrown. For example this report has been moved there. Try to run it as a guest and then as a logged user. Furthermore by opening the reports browser of the toolbar, you might notice the folder "Members only" is available only when you are logged.

Site membership

If your portals has multiple sites, users membership should probably be your favorite way to handle report access permissions. Actually you don't have anything special to do: just define your users membership as you usually do with Liferay and define a BIRT repository for each site you want to restrict.

BIRT repositories are fully segregated using a portal-level security:  for example a user navigating on site B1 has absolutely no way to access reports of site B2 if he is not a member of this site.

Tags: architecture admin
Average (0 Votes)
Most Recent
21 October 2016
08 February 2016
28 October 2015
26 October 2015
08 October 2015
01 April 2015
01 April 2015
23 March 2015
23 March 2015
04 March 2015