Implementing Security for Reports based on the Data-Warehouse

Data-security for reports based on the data-warehouse will ALWAYS be based on the "User-Person-Link".

Prerequisites

Prerequisites

  • If you intend to filter on a certain attribute, the system needs to be able to establish a link from the User Menu path separator to Person Menu path separator <attribute>.
  • In other words: the attribute used for a filter must be part of the Person record.

Note

NOTE:

  • Once security has been applied, you may no longer be able to 'preview' the report in the Report Designer.
  • Therefore it is important to only add the security after you have finished designing the report.
  • To verify the filter, you will need to run the report from within Evotix 360.

Report Security - generic Information

To implement security, you will need to include a WHERE condition in your SQL script which will then work as the security filter for the report.

A key element for this filter is a Pentaho Environment Variable: env::username

If you want to ...

Perform these steps ...

Apply data security to a record, so that a report only shows records to which a user has access.

To apply data security to a report, you will have to

  • Define and save a filter, which makes use of the ID of the current user. To do so, you can apply the Pentaho Environmental Variable by using the syntax:

    ${env::username}

    The following example retrieves the current user's Department Details:

    SELECT
    "dbo"."rt_person"."dwk_department",
    "dbo"."rt_person"."user_name"
    FROM
    "dbo"."rt_person"
    WHERE
    "dbo"."rt_person"."user_name" = ${env::username}

    In this example, this filter was saved as "Get Department from User Person Link"
  • Apply and save a Report Parameter, where the above filter is being applied. To allow this parameter to work as a security filter, please make that the following settings are applied:

    - Mandatory = Yes
    - Hidden = Yes
    - Display Type = <blank>
    - Use first value if default value formula results in NA = Yes

    Report Designer - parameter edit window for security filter

Link Parameter

Like with any other parameter, you can link this parameter to other parameters.

  • Sample Requirement
    A report "Incident by Responsible Supervisor" needs to be created where
    - a user can select from a list or persons
    - but this list must only show persons who work in the user's department.
  • Solution:
    You apply a filter to the SQL script which is used to retrieve the 'Users', which in turn is used to feed the parameter:

    SELECT distinct
    Persons.last_name,
    Persons.dwi_person,
    Persons.dwk_department,
    (Persons.last_name + ', '
    + Persons.first_name) as FullName

    FROM "dbo"."rt_incident" as Incidents
    LEFT OUTER JOIN "dbo"."rt_person" as Persons ON Incidents.dwk_responsible_supervisor = Persons.dwi_person

    INNER JOIN "dbo"."rt_department" as Departments ON Persons.dwk_department = Departments.dwi_department

    INNER JOIN "dbo"."dn_department_parent_department_cl" as Rollups ON Departments.dwi_department = Rollups.dwk_department

    INNER JOIN "dbo"."rt_department" as ParentDepartment ON ParentDepartment.dwi_department = Rollups.dwk_parent_department

    WHERE Rollups.dwk_parent_department = ${UserPersonLink}
    -- This value is returned from the hidden "security" parameter in the report, as shown above.

    ORDER BY
    Persons."last_name" ASC

See Also

Implementing Data-Security for Reports

Implementing Data Security for Reports based on a Data Cube (Schema)