JReport Enterprise Server provides a security system for setting up and maintaining security on it, allowing you to protect your resources from inappropriate access by other users.
To help you understand security in detail, the following security features with their concepts are described below:
A realm is an abstract security concept, which hosts the resources and authentication entities on JReport Enterprise Server. There can be more than one realm on the server and each realm is independent from others. The resources and authentication entities that reside in different realms are different.
At runtime, only one realm can be active and only the users and resources in the active realm are accessible. A realm is identified by a unique name, which can contain any characters other than forward slash (/) and backward slash (\).
The authentication entities consist of user accounts, group accounts and role accounts.
To use JReport Enterprise Server, you must have a user account, which consists of a unique user name and password. JReport Enterprise Server verifies your identity when you type your user name and password and then logs you on. If your user account has been disabled or deleted, JReport Enterprise Server prevents you from accessing the services that JReport Enterprise Server provides, in order to ensure that only valid users have access.
JReport Enterprise Server comes with two built-in user accounts, which are admin and guest. The built-in user accounts cannot be deleted. The admin user account can neither be deleted nor disabled.
The principle group, which represents an organization of user accounts, is available for managing users. Users or groups can then be added into a group as its child members, and therefore inherit the resource and folder permissions from the group.
Users must have certain user rights and permissions in order to perform tasks on resources. Roles, which represent an aggregate of permissions, help you to efficiently assign the appropriate user rights and permissions to users. Assigning roles to users gives them the user rights and permissions that they require to perform their jobs with. A role can also be assigned to other groups or roles, and thus groups or roles can inherit the permissions of other roles.
JReport Enterprise Server comes with two built-in role accounts, which are administrators and everyone. The built-in role accounts cannot be deleted. The administrator role account can neither be deleted nor disabled.
Permissions, associated with resources and folders, are the rules that are granted to users to control their access to resources and folders.
Permissions in JReport Enterprise Server include:
| Permission | Description |
|---|---|
| Visible | Allows or denies viewing object names in the resource tree or version table, such as folders, resources, and archive versions. |
| Read | Allows or denies viewing object properties, versions, and, if it is a folder, folder contents. |
| Write | Allows or denies publishing folders and resources, changing the properties (not including permission settings) of the objects in the resource tree or version table, such as folders, resources, and archive versions, and modifying version table settings. |
| Execute | Allows or denies running resources in normal and Advanced mode (report set type resources only). |
| Schedule | Allows or denies submitting resources to schedules (report set type resources only). |
| Delete | Allows or denies deleting objects in the resource tree or version table, such as folders, resources, and archive versions. |
| Grant | Allows or denies granting permissions to other users, groups or roles. |
Privilege is a mode which manages permissions. It can be used to manage different access permissions unrelated with nodes. Privilege of JReport Enterprise Server manages the following two access permissions for users:
JReport Enterprise Server organizes files and directories into a Resource Tree. Aliases are used to provide different "views" of the tree for different users. For example, you may set an alias resource tree (based on the resource tree) for Tanya, so that she can only see the marketing resource node and can directly enter into the report set folder she is interested in. An alias is a combination of users and resource nodes.