Built-in security system

JReport Enterprise Server provides a built-in security system for you to set up and maintain security on it and protect resources from inappropriate access by users.

The below diagram illustrates the built-in security structure in JReport Enterprise Server:

And the below diagram illustrates the inherited relationship among User, Group and Role.

JReport Enterprise Server offers these security features:

• Realm
  Realm is an abstract security concept, which hosts the resources and authentication entities on JReport Enterprise Server. There can be more than one realm on the server and each realm is independent from others. The resources and authentication entities that reside in different realms are different.

  At runtime, only one realm can be active and only the users and resources in the active realm are accessible. A realm is identified by a unique name, which can contain any characters other than forward slash (/) and backward slash (\).

  The authentication entities consist of user accounts, group accounts and role accounts.

• User
  To use JReport Enterprise Server, you must have a user account, which consists of a unique user name and password. JReport Enterprise Server verifies your identity when you type in your user name and password, and then logs you on. If your user account has been disabled or deleted, JReport Enterprise Server prevents you from accessing the web services that it provides, in order to ensure that only valid users have access.

  JReport Enterprise Server comes with two built-in user accounts, admin and guest. The built-in user accounts cannot be deleted. The Admin user account can neither be deleted nor disabled.

• Group
  The principle group, which represents an organization of user accounts, is available for managing users. Users or groups can be added into a group as its child members, and therefore inherit the resource and folder permissions from the group.
• Role
  Users must have certain user rights and permissions in order to perform tasks on resources. Roles, which represent an aggregate of permissions, help you to efficiently assign the appropriate user rights and permissions to users. Assigning roles to users gives the users all of the user rights and permissions of the roles to perform their jobs with. A role can also be assigned to other groups or roles, and thus groups or roles can inherit the permissions of other roles. JReport Enterprise Server comes with two built-in role accounts, administrators and everyone. The built-in role accounts cannot be deleted. The administrator role account can neither be deleted nor disabled.
• Permission
  

  Permissions, associated with resources and folders, are the rules that are granted to users to control their access to the resources and folders.

  Permissions in JReport Enterprise Server include:

  Permission	Description
  Visible	Allows or denies viewing object names in the resource tree or version table, such as folders, resources, and archive versions.
  Read	Allows or denies viewing object properties, versions, and, if it is a folder, folder content.
  Write	Allows or denies publishing folders and resources, changing the properties (not including permission settings) of the objects in the resource tree or version table, such as folders, resources, and archive versions, and modifying version table settings.
  Delete	Allows or denies deleting objects in the resource tree or version table, such as folders, resources, and archive versions.
  Execute	Allows or denies running resources in normal and Advanced mode (report type resources only).
  Schedule	Allows or denies submitting resources to schedules (report type resources only).
  Grant	Allows or denies granting permissions to other users, groups or roles.

• Privilege
  Privilege is a mode for managing permissions. It can be used to manage different access permissions unrelated with nodes. JReport Enterprise Server offers two types of privileges for users: Publish and Advanced Properties. Users that are granted the Publish privilege will be able to publish resources to JReport Enterprise Server, while users that have the privilege of Advanced Properties are allowed to view advanced information of version properties such as catalog connections and report set related resources.
• Alias
  JReport Enterprise Server organizes file and directories into a Resource Tree. Aliases are used to provide different "views" of a tree for different users to enter the Resource Tree. For example, you may set an alias resource tree (based on the resource tree) for Tanya, so that she can only see the market resource node and thus can directly walk into the report set file she is interested in. In summary, an alias is a combination of users and resource nodes.

To manage JReport Enterprise Server's built-in security, you must be a member of the administrator role in order to access the JReport Administration page.

Related topics:

• Managing security