Configuring member-level security

This document shows how to configure member-level security on business cubes, report cubes and business views in a catalog.

1. In the Catalog Browser, do any of the following:
   • Expand the data source > Security node, right-click on Business View Security/Report Cube Security/Business Cube Security and select the edit command on the shortcut menu. The corresponding edit security dialog is displayed.
   • Select a business view or a business/report cube, expand it, then right-click on the Business View Security/Report Cube Security/Business Cube Security node and select the edit command on the shortcut menu. The corresponding edit security dialog is displayed.
   • When creating or editing a business view or a business/report cube, click Tools > Security Configuration on the menu bar. The corresponding edit security dialog is displayed.
   • When adding or editing a business view element or a business/report cube element using dialog, switch to the Security tab.

   See a sample dialog.

   

2. In the User/Group/Role panel, click to add users, roles, and groups manually or by importing from an XML file or from JReport Server. If you choose to add users manually in JReport Designer, the users should have been added in the JReport Server security system before the resources involving the member-level security are published to JReport Server so as for the member-level security to take effect.

   To edit a user/role/group, select it and click . In the corresponding edit dialog, edit it as required.

   To delete a user/role/group that is not wanted, select it and click .

3. Make a user/role/group selected.
4. In the Resources box, select the field to which you want to set the principal permission.
5. In the Data Security box, specify whether the principal can access values of the field.
6. If the selected field is a dimension/group field, you can specify which members of the field are allowed and which are denied for the principal.
   1. Click above the Allowed Set or Denied Set box. The Edit Values dialog appears. See the dialog.

      

   2. Choose a way of specifying the members: select members from the available list, or compose an expression to retrieve members. Only one can be used.
      • To select members, first check the Selected Values radio button.

        If you would like all the possible members of the field to be selected, select <All>.

        If you just want to select some of the members, leave <All> unchecked. Add them one by one by selecting one and then clicking . You can make use of the quick search toolbar to search for the required members.

      • To compose an expression, check the Expression radio button, then click . The Edit Conditions dialog appears. See the dialog.

        

        Click the Add Condition button to add a condition line. Choose the operator with which to compose the condition expression from the operator drop-down list. From the value drop-down list, specify the value of how to build the condition. You can also type in the value manually. Click Add Condition to add more condition lines and define the relationship between the condition lines.

        To make some conditions grouped, select them and click the Group button, then the selected conditions will be added in one group and work as one line of filter expression. Conditions and groups together can be further grouped. To take any condition or group in a group out, select it and click Ungroup.

        To adjust the priority of the conditions, select it and click the Up or Down button.

        To delete a condition line, select it and click the Delete button.

   3. Click OK to save the values.
   4. If a user is selected, check whether the unspecified members are available to the user.
7. In the Resource Security box, specify whether you want the field to be visible to the principal.
8. Repeat steps 4 to 7 to customize the principal's permissions on other fields.
9. Repeat steps 3 to 7 to customize other principals' permissions on different fields.
10. When finished, click OK in the dialog.
11. Save the catalog.

    When you save the catalog, the permission settings are also saved and they are saved in an authorization file in the same folder as the catalog file. The catalog and authorization files have the same file name but different extensions, for example, if the catalog file is test.cat, the authorization file will be named test.auth. The authorization file is loaded by the view authorization manager of its catalog during runtime.

See also Edit Business View Security dialog, Edit Business Cube Security dialog, Edit Report Cube Security dialog for addition information about options in the dialogs.