Configuring security in Business Intelligence reporting
This topic describes the elements involved in configuring and regulating security in Reporting Profile and Business Intelligence reports in ClientSpace.
Configuring Reporting Profiles
Configuring security for Reporting Profiles for Business Intelligence reporting is a multi-step process. For a ClientSpace user to access data from BI reports, the user must have a Reporting Profile. These profiles, in combination with Dataform security, determine what data the user can access through the reports. This design ensures that if a user does not have access to a particular piece of data through the standard user interface (UI), they cannot access the data through reporting. The first step is to configure Reporting Profiles, which secure the tables and views used as datasources by the Reports interface.
To configure reporting profiles:
-
Go to System Admin > Security > Reporting Profile.
The Reporting Profile dashboard opens. -
For an existing profile, select a profile from the list and click (Jump).
-
Select the appropriate options: Allow Report Creation or Allow All Forms and Views.
-
Click Save.
To add a new profile:
-
Click Add.
-
In New Reporting Profile, in Profile Name, enter a name.
-
Select the appropriate options: Allow Report Creation or Allow All Forms and Views.
-
Click Save.
Reporting Profile security takes precedence over Report Security. The Reporting Profile security hides a report in the list if the user does not have access to all the tables called by the report.
Configuring the user profile
Now that you have the profile configured, you must add the profile to the user in question to enforce the form security.
To configure the user profile:
-
Go to System Admin > Users.
The Users dashboard opens. -
Open the user account (double-click an entry).
The User Details form opens. -
In Administrator Settings, in the Reporting Profile list, select a profile for the user.
-
Click Save.
Securing the report
The final step is to secure the individual reports. Report security in combination with the datasource security can be quite granular in its application.
To secure the report:
-
Open a report.
-
On the report, click the Misc tab.
-
To adjust the Share With section of the report, select a ClientSpace role containing the users in question and an appropriate Rights. The various rights levels are:
Full Access |
Report is available to the user to view, modify, and save changes to the report. Note that the owner user (UserName property of the ReportSet) is not changed on saving, that is the original owner (creator) of the report stays the same. |
Read Only |
Report is available to the user to view, add, or remove filters, and modify existing filter values. Also, the user can modify (design) the report but cannot save it. However, the user could Save As this report. |
View Only |
Report is available to the user to view, but not to modify in any way or save changes to the report. |
Locked |
Report is available to the user to view and modify existing filter values, but the user cannot add or remove filters or fields or save changes to the report. Note that modifying filter operator and/or filtered column is restricted as well. |
None |
Report is unavailable to (hidden from) the user. |
Additional security: Report filtering using #CurrentUser
A common practice in Sales reporting is to use the custom wildcard of #CurrentUser on a filter for the Assigned To user of an Organization or other similar User ID fields. This wildcard tells the report to only access records where the AssignedTo User ID is equal to the User ID of the currently logged in user of ClientSpace.