Home
Analytics
BIRT Data security
billncrist
What is the best practice for an environment where different users would run the same reports with different security requirements on the data side. In other words, user J works for dept 1 and should have all their reports filtered to display only dept 1?s data. User K works for dept 2 and needs to run the same reports with different parameters and should similarly have their reports filtered for only dept 2?s data. How is Actuate resolving this common need with BIRT & iPortal installations?
Find more posts tagged with
Comments
engfeda
See this thread for adding a post-processing to your dataSets<br />
<br />
<a class='bbc_url' href='
http://dev.eclipse.org/newslists/news.eclipse.birt/msg06066.html'>http://dev.eclipse.org/newslists/news.eclipse.birt/msg06066.html</a><br
/>
<br />
I saw this as well...<br />
<br />
<a class='bbc_url' href='
http://dev.eclipse.org/newslists/news.eclipse.birt/msg06060.html'>http://dev.eclipse.org/newslists/news.eclipse.birt/msg06060.html</a>
;
rmurphy
From the iServer Express and BIRT Deployment Kit (iPortal), the username for the logged in user gets passed in the reportContext. This can be used to affect the queries that are supplying the data to the report. <br />
<br />
You can see more about this at <a class='bbc_url' href='
http://www.birt-exchange.org/devshare/designing-birt-reports/122-filter-birt-jdbc-query/#description'>http://www.birt-exchange.org/devshare/designing-birt-reports/122-filter-birt-jdbc-query/#description</a><br
/>
<br />
Rob
ubhatt
Actuate iServer Express V10 which is currently in beta right now provides many different ways of accomplishing this. Most prominent are<br />
<br />
1) Page level security - Actuate iServer express V10 offers Page Level Security, a unique and powerful capability that generates a single document, which includes security rules that determine which pages a user can see, print or save. Page Level Security allows a single piece of content to be generated and deployed that addresses the secure information distribution needs of many users. PLS reduces the load on the underlying data source by invoking a single query. PLS reduces the number of report instances to one. And, because a single document is generated, PLS eliminates the management necessity to secure individual access locations.<br />
<br />
2) Row level security - BIRT reports deployed via Actuate iServer express V10 can leverage enhanced data access functionality whereby at execution time, the engine will automatically pass user specific credentials in the filter clause of the report query. Thus the data available for the report will be automatically filtered based on the user.<br />
<br />
3) Report parameters - Developers can also design reports with specific parameters whose values are then passed along in the WHERE clause of the report query. This ensures that the dataset available for the report is automatically filtered based on who the user is and what he/she is trying to do.<br />
<br />
To learn more about Actuate 10 iServer Express beta, please review more information at the following link<br />
<br />
<a class='bbc_url' href='
http://www.birt-exchange.com/wiki/Actuate_10/'>http://www.birt-exchange.com/wiki/Actuate_10/</a><br
/>
<br />
Utpal
drh
<blockquote class='ipsBlockquote' data-author="ubhatt"><p>Actuate iServer Express V10 which is currently in beta right now provides many different ways of accomplishing this. Most prominent are<br />
<br />
...<br />
<br />
2) Row level security - BIRT reports deployed via Actuate iServer express V10 can leverage enhanced data access functionality whereby at execution time, the engine will automatically pass user specific credentials in the filter clause of the report query. Thus the data available for the report will be automatically filtered based on the user.<br />
<br />
...<br />
<br />
Utpal</p></blockquote>
<br />
Version 10 has been released. Is row level security available? I can't find anything in the documentation about it.<br />
<br />
Thanks.
averma
Hi drh:<br />
<br />
Row-level security is supported through the use of information objects. Here is the link to the document for designing information objects.<br />
<a class='bbc_url' href='
http://www.birt-exchange.com/documentation/Manuals10/designing-information-objects.pdf'>http://www.birt-exchange.com/documentation/Manuals10/designing-information-objects.pdf</a><br
/>
<br />
Ashwini
mady_02
Hi All,<br />
<br />
I am new to BIRT. Just want to know if I can achieve this level of (report or dataset) security in Eclipse BIRT Designer 2.3.2. <br />
<br />
I am not using Actuate.<br />
<br />
Thanks in Advance..<br />
<br />
<br />
<blockquote class='ipsBlockquote' data-author="engfeda"><p>See this thread for adding a post-processing to your dataSets<br />
<br />
<a class='bbc_url' href='
http://dev.eclipse.org/newslists/news.eclipse.birt/msg06066.html'>[news.eclipse.birt]
Re: Enforcing Security in reports</a><br />
<br />
I saw this as well...<br />
<br />
<a class='bbc_url' href='
http://dev.eclipse.org/newslists/news.eclipse.birt/msg06060.html'>[news.eclipse.birt]
Re: Enforcing Security in reports</a></p></blockquote>
rmurphy
You would have to pass the user into the report either as a parameter or a value in the report context. You would then have to use scripting to affect your query based on the user id passed into the report. The following DevShare post shows an example of tweaking the query based on the ServerUserName variable into the report.<br />
<br />
<a class='bbc_url' href='
http://www.birt-exchange.org/devshare/designing-birt-reports/122-filter-birt-jdbc-query/#description'>Filter
BIRT JDBC Query - Designs & Code - BIRT Exchange</a><br />
<br />
Since you are not using Actuate products, you would have to handle passing the username into the report.<br />
<br />
Rob
mady_02
Thanks for the reply.
One more thing, out of this security track..
How much max volume of data a BIRT report can handle?
I posted this query in this thread only as I was not able to create any threads
Thanks in Advance
rmurphy
The limit to the amount of data a BIRT report can handle is more of a function of the memory and disk allocation of the system running the report. In addition, if you are using the BIRT Engine, you would be better served to separate the report generation into using a Run task and then a Render task rather than attempted to use the RunAndRender task.
Rob
mady_02
Thanks you
mady_02
Thanks You<br />
<br />
<br />
<blockquote class='ipsBlockquote' data-author="rmurphy"><p>The limit to the amount of data a BIRT report can handle is more of a function of the memory and disk allocation of the system running the report. In addition, if you are using the BIRT Engine, you would be better served to separate the report generation into using a Run task and then a Render task rather than attempted to use the RunAndRender task. <br />
<br />
Rob</p></blockquote>
