Page-level security

Page-level security is a security mechanism for controlling access to a report. It is implemented using these security properties in the group panel: Cascade, Grant, Groups, and Roles. The feature enables different users to view different groups according to their access privileges. It also applies to nested groups.

Setting up a page-level security policy for a report

The Cascade, Grant, Groups, and Roles properties are provided for building a report with page-level security. For details about the properties, see Security.

Below is an example which illustrates how to set page-level security:

1. In JReport Designer, create a banded report for customer information which is grouped by the Country field.
2. Create a formula to control the Grant property value. This formula returns a String value indicating which user will have the privilege to access which group of data.

   Here, we write the formula PLS_User to set the SID as follows:

   if (@Country == "China" || @Country == "Canada")
return "admin";
if (@Country == "USA")
return "jennifer";

   "admin" and "jennifer" are two users assigned by the JReport Enterprise Server administrator. The above formula states that, the user "admin" is authorized to view only the China and Canada groups, while the user "jennifer" can only view the USA group. If the formula is written as below:

   if ( @Country =="USA")
return "user1|user2|user3";

   Then, user1, user2, and user3 can view the USA group.

   Note: The returned value specified in the formula must be the same as the user ID defined in JReport Enterprise Server. Also, the user ID is case sensitive.

3. Create a formula PLS_Group to control the Groups property value. This formula returns a String value indicating which group of users will have the privilege to access which group of data.

   if(@Country=='Italy')
return 'group1';
if(@Country=='USA')
return 'group2';

4. Create a formula PLS_Role to control the Roles property value. This formula returns a String value indicating which role will have the privilege to access which group of data.

   if(@Country=='Japan')
return 'role1';
if(@Country=='USA')
return 'role2';

5. In the Report Inspector, select the node that represents the group. Then, in the Security section of the Properties panel, set Cascade to true, the Grant property's value to the formula PLS_User, Groups to PLS_Group, and Roles to PLS_Role.

Since the control of report access is not possible without user ID, the significance of this function is only apparent when other users try to access a report after it has been published to JReport Enterprise Server. When an end user views a report with page-level security on JReport Enterprise Server, the corresponding group will be displayed according to the SID.

In the above example, if "admin" belongs to group1 and role1, he will be able to view the China, Canada, Italy, and Japan groups. jennifer will be able to view only the USA group if she belongs to group2 and role2.

See also the following topics in the JReport Enterprise Server User's Guide for details about how to work with page-level security on the server side:

• Viewing a report with page-level security
• Scheduling a report with page-level security
• Example: E-mailing billing reports