JReport Server provides a security system that protects the resources on the server from inappropriate access by users. In addition to controlling resource-level access, the security system can control access to certain fields or certain information based on the user's role or group level information.
As an alternative to the built-in security system, an LDAP Server can be used for JReport Security. JReport provides interfaces to synchronize with a variety of LDAP servers as well as directly authenticate to an LDAP directory.
Conversely, a Security token can be passed to JReport for authentication. JReport provides an interface for authentication.
To use JReport Server, you must have a user account, which consists of a unique user name and a password. JReport Server verifies your identity when you type your user name and your password and then log on. If your user account has been disabled or deleted, JReport Server prevents you from accessing the web services that JReport Server provides, in order to ensure that only valid users can access.
JReport Server comes with two built-in user accounts, which are admin and guest. The built-in user accounts cannot be deleted. The admin user account can neither be deleted nor disabled.
To create a user account:
Although it doesn't matter for this lesson, the Publish privilege is an important aspect of user definition. Users can either be granted or denied the ability to publish resources to the JReport Server based on the checkbox.
Make a note of the user credentials you specified in this step so that you can access them in the remainder of this lesson.
The newly-created user is listed in the User panel.
Users can be grouped. Often a set of users require the same security privileges. That is, everyone in the Sales organization can view the Sales reports. By creating a named group, you can efficiently manage the security of a set of users.
JReport Server can record user access and management information in the log files by auditing the user.
To audit the user:
Events are recorded in the log file.
Permissions, associated with resources and folders which locate in the Public Reports or Public Components folder, are the rules that are granted to users to control their access to resources and folders. The permissions include: Visible, Read, Write, Execute, Schedule, Delete, and Grant.
After you set permissions on a parent folder, new resources and sub folders created in the folder inherit these permissions. If you do not want them to inherit permissions, enable their user permissions and set their permissions separately. The resources and folders will inherit permission from their parent folder if their user permissions are not enabled.
To set, view, change, or remove resource permissions:
Users must have certain user rights and permissions to perform tasks on certain resources. Roles help you efficiently assign those user rights and permissions to users. Assigning one or more roles to users gives the users all of the user rights and permissions the roles have to perform their jobs with. A role can also be assigned to other groups or roles, and hence the groups or roles will inherit the resource and folder permissions that the roles have.
JReport Server comes with two built-in roles, which are administrators and everyone. The built-in roles cannot be deleted.