Reporting Security

Discussions relating to version the "old" version 7 of Jiwa

Reporting Security

Postby Danny C » Fri Mar 19, 2010 1:04 pm

Whether v7 decides to go Crystal or Windows Reporting there should be security within Jiwa which will allow users to see (and run) reports or have them invisible.

Classic example is where users have no need to see General Ledger stuff, but currently the reports are still executable. The reports should also be restricted via user (or role) security.

I know that we can currently control report execution at the SQL level by setting SQL security based on the JiwaReports user, but that is cumbersome & technical & needs to be done by us JSPs.

cheers
User avatar
Danny C
Occasional Contributor
Occasional Contributor
 
Posts: 19
Joined: Tue Mar 04, 2008 2:25 pm

Re: Reporting Security

Postby jiwameister » Fri Mar 19, 2010 1:10 pm

Agreed, but one method could be that reports be attached to roles. So that if you belong to a specific role, you would have access to the list of reports. Given that the reports definition would be stored in the database, it should be possible to only return the list of reports that are accessible by role.

To make things easier for us JSP - there could be a default setup based on most likely use by role - leaving it to be modified customer by customer.
Glenn Lake
Managing Director
Lonicera Pty Ltd
http://www.lonicera.com.au
User avatar
jiwameister
Occasional Contributor
Occasional Contributor
 
Posts: 27
Joined: Sat Mar 01, 2008 11:36 pm
Location: Melbourne, Australia

Re: Reporting Security

Postby Danny C » Fri Mar 19, 2010 3:00 pm

yep - roles with report permissions would achieve it too.
User avatar
Danny C
Occasional Contributor
Occasional Contributor
 
Posts: 19
Joined: Tue Mar 04, 2008 2:25 pm

Re: Reporting Security

Postby Mike.Sheen » Sat Mar 20, 2010 1:47 am

Danny C wrote:Whether v7 decides to go Crystal or Windows Reporting there should be security within Jiwa which will allow users to see (and run) reports or have them invisible.

Classic example is where users have no need to see General Ledger stuff, but currently the reports are still executable. The reports should also be restricted via user (or role) security.

I know that we can currently control report execution at the SQL level by setting SQL security based on the JiwaReports user, but that is cumbersome & technical & needs to be done by us JSPs.

cheers


Can't you do this by having those users have a menu without such reports on it - and not giving them permission to edit menu's or change their assigned menu ?
Mike Sheen
Chief Software Engineer
Jiwa Financials

If I do answer your question to your satisfaction, please mark it as the post solving the topic so others with the same issue can readily identify the solution
User avatar
Mike.Sheen
Jiwa Shihan
Jiwa Shihan
 
Posts: 1448
Joined: Tue Feb 12, 2008 10:12 am
Location: North Sydney
Topics Solved: 486

Re: Reporting Security

Postby jiwameister » Mon Apr 19, 2010 2:26 pm

Mike.Sheen wrote:Can't you do this by having those users have a menu without such reports on it - and not giving them permission to edit menu's or change their assigned menu ?


Unless I am confused, I think you can have menu's for people, and that the menu will apply to whoever has the same menu definition.

What I was referring to was the ability to say - ok this user is part of the Financial Reporting role, but also the Sales Reporting Role, and their menu would build dynamically based on that.

What you are suggesting I think, would require a new menu definition with reports on it, for every potential role combination that may exist.
Glenn Lake
Managing Director
Lonicera Pty Ltd
http://www.lonicera.com.au
User avatar
jiwameister
Occasional Contributor
Occasional Contributor
 
Posts: 27
Joined: Sat Mar 01, 2008 11:36 pm
Location: Melbourne, Australia

Re: Reporting Security

Postby Mike.Sheen » Tue Apr 27, 2010 9:25 pm

jiwameister wrote:What I was referring to was the ability to say - ok this user is part of the Financial Reporting role, but also the Sales Reporting Role, and their menu would build dynamically based on that.

What you are suggesting I think, would require a new menu definition with reports on it, for every potential role combination that may exist.


Building a menu by masking multiple roles has been hotly debated in our office.

The Utopian outcome is what we all agree on wanting, but the technical details on how we achieve this elude us.

At this point I'm the security sentinel and have not seen an acceptable solution - rest assured the likes of Scott (Scott is an advocate of this feature) and yourself will present some sort of proposal in the future, and if it passes the security tests, it will be considered and subsequently implemented.

Until I can be completely satisfied security is not compromised, we cannot offer this feature.
Mike Sheen
Chief Software Engineer
Jiwa Financials

If I do answer your question to your satisfaction, please mark it as the post solving the topic so others with the same issue can readily identify the solution
User avatar
Mike.Sheen
Jiwa Shihan
Jiwa Shihan
 
Posts: 1448
Joined: Tue Feb 12, 2008 10:12 am
Location: North Sydney
Topics Solved: 486


Return to Archived - Jiwa 7

Who is online

Users browsing this forum: No registered users and 1 guest

cron