
Report-scope security
Record-level security (RLS) can be applied at report scope, where it is based on the security information file. That is, you can use the security information file to set the security policies for a report. Report-scope security policy does not support column-level security (CLS).
Report-scope security has a higher priority than connection-scope security. That is, if both connection-scope and report-scope security have been applied to a report, only the report-scope security takes effect.
Setting up an RLS policy for a report
The following example shows you how to set up a record-level security policy for a report:
- Click File > Open in JReport Designer.
- In the Open Report dialog, click the Browse button to open the catalog file SampleReports.cat in <install_root>\Demo\Reports\SampleReports, then open the sample report EmployeeInformation.cls.
- In the Report Inspector, select EmployeeInformation in the Datasets node.
- In the Security section of the Properties panel, click the button to the right of the Record Security property entry to open the Record Level Security Information dialog.
- Click the Add button to add a condition line and edit the security information as required by clicking corresponding cells.
Since the record-level security policies are file-based, you can just create a new text file, add the security settings, and then link the file to your report. Below are steps detailing how to import the security information from a text file.
- In the Record Level Security Information dialog, click the Import Text button.
- In the Select Record Level Security File dialog, specify the text file that contains the predefined security information and click Open.
- Information set in the text file will be displayed in the Record Level Security Information dialog. Click the cells to edit them if required.
- Click OK to apply the security policy.
- Click OK to close the dialog.
- Click the View tab to view the report. You will then be prompted to provide the security ID (SID), which refers to the user name. Type the SID, and then click OK. Only the records that satisfy the condition will be displayed.
After you have set up RLS for reports in JReport Designer, you can then publish them to JReport Server as normal. Then, when you log onto JReport Server as different users, you will find that the record-level security settings have been applied to the report. Different users will only see the data that they are supposed to see.
Notes:
- In the Record Level Security Information dialog, the data values provided in the drop-down list may not be valid for your database, because they are data values that have already been reformatted using your date format settings in JReport. For detailed information on how to set the date format in JReport Designer, see the Date Format explanation of the document Get JDBC Connection Information dialog.
- If you want to use more than one value in a cell, use "|" to separate them (applies to the User, E-mail, and Title columns). This is useful when you want to apply the same conditions to multiple users. For example, if you want user1, user2, and user3 to share the same security setting, list user1, user2, and user3 in the same cell, separated by "|", and then define the security conditions.
- Currently, you cannot save the security information to a file.
- If you want to apply more than one condition expression to a user, you can edit the condition expressions in several individual lines, typing in the same user name for each line. For such compound conditions, the relationship among them is logical OR.
For example, the two conditions Customer ID >= 10 and Customer Name = 'Absolute Java' together cause JReport Designer to retrieve the records whose customer ID is greater than or equal to 10 as well as the record whose customer name is Absolute Java.
If you want to use logical AND for the relationship between each condition expression, use a formula that returns a Boolean value to filter the records. To specify the formula name for a report, in the Properties panel, select or type the formula name in the Function property entry.
For example, if user1 should only see records which satisfy the condition State = 'CO' and Customer ID >= 10, the formula should be:
if ( @State == 'CO' && @"Customer ID">= 10 ) return "user1"
If both the Record Level Security Information dialog and a formula have been used to control the security information, both will take effect. The relationship between them is logical OR.
- When creating the text file to include the security information, use TAB to separate each column, and always keep the headings (User, Role, Column, and so on) in the first line of the text file. For example,

| User | Role | Column | Operator | Value | E-mail | Title |
|---|---|---|---|---|---|---|
| admin | admin | | | | | |
| user1 | | Customer ID | >= | 10 | user1@yoursite.com | Mr. |
| user1 | | Customer Name | = | 'Absolute Java' | | |
| user2 | | Customer Name | IN | ('Absolute Java','American Coffee Inc.') | user2@yoursite.com | Miss |
| user3 | | Phone | IN | ('(212) 555-3462','(317) 555-1274') | user3@yoursite.com | Mrs. |
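
Because the policy lives in a hand-edited TAB-separated file, it is worth checking the file before importing it. The following is an added example, not part of JReport or its documentation: a Python check that validates the heading row, expands "|"-separated users, and lists the conditions that combine with OR for each user. It assumes the seven headings shown above form the complete heading row; the function name `audit` and the sample rows are constructed for illustration.

```python
from collections import defaultdict

HEADER = ["User", "Role", "Column", "Operator", "Value", "E-mail", "Title"]

# Constructed sample in the TAB-separated layout described on this page.
SAMPLE = "\n".join("\t".join(r) for r in [
    HEADER,
    ["admin", "admin", "", "", "", "", ""],
    ["user1", "", "Customer ID", ">=", "10", "user1@yoursite.com", "Mr."],
    ["user1", "", "Customer Name", "=", "'Absolute Java'", "", ""],
    ["user2|user3", "", "Phone", "IN", "('(212) 555-3462')", "", ""],
    ["user4", "", "Customer ID", ">=", "", "", ""],  # incomplete on purpose
])

def audit(text):
    """Return (policy, findings): per-user condition lists plus lint findings."""
    rows = [line.split("\t") for line in text.splitlines()]
    if not rows or rows[0] != HEADER:
        return {}, ["line 1: heading row missing or altered"]
    policy, findings = defaultdict(list), []
    for n, row in enumerate(rows[1:], start=2):
        if len(row) > len(HEADER):
            findings.append(f"line {n}: {len(row)} cells, expected {len(HEADER)}")
            continue
        row += [""] * (len(HEADER) - len(row))  # editors often trim trailing TABs
        users = row[0]  # the Role cell (row[1]) is not interpreted by this check
        cond = tuple(cell.strip() for cell in row[2:5])  # Column, Operator, Value
        if any(cond) and not all(cond):
            findings.append(f"line {n}: incomplete condition {cond}")
            continue
        for user in filter(None, (u.strip() for u in users.split("|"))):
            if all(cond):
                policy[user].append(cond)  # several lines for one user mean OR
            else:
                policy.setdefault(user, [])
                findings.append(f"line {n}: {user} has no condition; confirm intended access")
    return dict(policy), findings

if __name__ == "__main__":
    policy, findings = audit(SAMPLE)
    for user, conds in policy.items():
        print(user, "->", " OR ".join(" ".join(c) for c in conds) or "(no condition)")
    for finding in findings:
        print("FINDING:", finding)
```

A user who appears with more lines than expected is worth a second look, since each extra line widens what that user can see rather than narrowing it.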
