Security

JReport Server provides a security system for setting up and maintaining security on it, allowing you to protect your resources from inappropriate access by other users.

To help you understand security in detail, the following security features with their concepts are described below:

Realm

A realm is an abstract security concept, which hosts the resources and authentication entities on JReport Server. There can be more than one realm on the server and each realm is independent from others. The resources and authentication entities that reside in different realms are different.

At runtime, only one realm can be active and only the users and resources in the active realm are accessible. A realm is identified by a unique name, which can contain any characters other than forward slash (/) and backward slash (\).

The authentication entities consist of user accounts, group accounts and role accounts.

User

To use JReport Server, you must have a user account, which consists of a unique user name and password. JReport Server verifies your identity when you type your user name and password and then logs you on. If your user account has been disabled or deleted, JReport Server prevents you from accessing the services that JReport Server provides, in order to ensure that only valid users have access.

JReport Server comes with two built-in user accounts, which are admin and guest. The built-in user accounts cannot be deleted. The admin user account can neither be deleted nor disabled.

Group

The principal group, which represents an organization of user accounts, is available for managing users. Users or groups can then be added into a group as its child members, and therefore inherit the resource and folder permissions from the group.

Role

Users must have certain user rights and permissions in order to perform tasks on resources. Roles, which represent an aggregate of permissions, help you to efficiently assign the appropriate user rights and permissions to users. Assigning roles to users gives them the user rights and permissions that they require to perform their jobs with. A role can also be assigned to other groups or roles, and thus groups or roles can inherit the permissions of other roles.

JReport Server comes with two built-in role accounts, which are administrators and everyone. The built-in role accounts cannot be deleted. The administrator role account can neither be deleted nor disabled.

Permission

Permissions, associated with resources and folders which locate in the Public Reports or Public Components folder, are the rules that are granted to users to control their access to resources and folders.

Permissions in JReport Server include:

Permission Description
Visible Allows or denies viewing object names in the resource tree or version table, such as folders, resources, and archive versions.
Read Allows or denies viewing object properties, versions, and, if it is a folder, folder contents.
Write Allows or denies publishing folders and resources, changing the properties (not including permission settings) of the objects in the resource tree or version table, such as folders, resources, and archive versions, and modifying version table settings.
Execute Allows or denies running reports in normal and Advanced mode (for report type resources only) or running dashboards in the view mode (for dashboard type resources only) or opening Visual Analysis templates in Visual Analysis (for analysis type resources only).
Edit Allows or denies running dashboards in the edit mode (for dashboard type resources only).
Schedule Allows or denies submitting resources to schedules (for report type resources only).
Delete Allows or denies deleting objects in the resource tree or version table, such as folders, resources, and archive versions.
Grant Allows or denies granting permissions to other users, groups or roles. Users, groups or roles that have obtained the Grant permission are also endowed with the other permissions, and can grant these permissions except the Grant permission itself.
Update Status Allows or denies updating report status, and if it is a folder, the status of reports in the folder.

Privilege

Privilege is a mode which manages permissions. It can be used to manage different access permissions unrelated with nodes. Privilege of JReport Server manages the following access permissions for users:

Alias

JReport Server organizes files and directories into a Resource Tree. Aliases are used to provide different "views" of the tree for different users. For example, you may set an alias resource tree (based on the resource tree) for Tanya, so that she can only see the marketing resource node and can directly enter into the report folder she is interested in. An alias is a combination of users and resource nodes.

Organization

JReport Server administrator can organize users into different organizations. An organization is a group of users, groups, and roles that has its own administrator. The organization administrator can define which users can use which dynamic connections within the organization.

Related topics: