Presentation is loading. Please wait.

Presentation is loading. Please wait.

SoftReports Security Features

Published byDiana Lane Modified over 6 years ago

Similar presentations

Presentation on theme: "SoftReports Security Features"— Presentation transcript:

1 SoftReports Security Features
Presented by Kim Schroeder Team Lead SoftReports Implementation/Support Jonathan Crow SoftReports Implementation/Support Specialist Introduction slide Opening presenter introduces members Welcomes attendees Announces new security features now apply to soft reports product

2 Soft Reports Utilizing Security Management Features
Then, you have come to the right session. The new features of SoftReports using the Security Management product The advantages of using these features to secure areas in designer Review best practices using Security Management in affecting SoftReports Designer Categories Available versions : X – X We will allow plenty of time for a round table question and answer session on this topic at the end of the presentation. 1. We have new features with Soft Reports Product Line v. 1.9.x.x along with Security Management line v. ( ). 2. You may be aware of security features with other Soft Products We will be focusing on Soft Reports using Security to gain more control over users of the product (Possibly start describing issues with all areas open to users currently) – scheduling, unwanted modifying of reports, etc. Features are dependent on setup in your systems by Super Users/Administrators Setup may vary based on the way your system is configured to your needs Please hold questions till end of the presentation

3 What is SoftReports? It is a “Report Formatter” (transforms the SQL or XML data into a report) It is a “Report Layout Editor” for “SQL Reports” and “System Generated Reports” It is a “SQL Query Builder” It is a “Report Launcher” for running the SoftReports SQL reports (On-Demand or Scheduled)

4 The Components of SoftReports
Soft Reports Designer Report Explorer Layout Editor Query Designer Soft Reports Launcher Executing Ad hoc Reports Scheduling Ad hoc Reports Tracking Ad hoc Reports Soft Reports Formatter PC A dedicated PC/Server that accepts the report *.xml data from the individual modules and translates it into the SoftReports format (*.pdf). Soft Reports Program Software installed on the servers (“Main” and “Aux”). This is the actual application that executes for all active environments.

5 Designer - Top Level Categories
Based on modules installed by Soft Security restrictions will not impact these categories May contain any number of nested folders

6 Creating New Categories in Designer
Choose top level category Right click – Hover on “New” Select New Category Type in a Category name Repeat this process on the new category to make multiple sub categories New Category New Sub Categories

7 Areas in Designer Categories follow hierarchy
May contain subset of multiple nested folders Folders are containers for holding: Reports Queries Layouts

8 Setting up Security Roles and Permissions in Security Management for SoftReports
Now we are going to discuss How these security features can be used in designer How to enable them to lock down a sub category How to enable folders while restricting access to all others How this will help ensure controlled access

9 The components of Security Management
Provides Security by Role or Permission class – Defines what is secured (products) and at what level (granularity) User – Defines who will have access Configured by system administrators/super users Regular users – Affected by the settings Security Management – tool for controlling access to Soft Products via role, permission class, module 2. You may use this already in other soft systems – lab, Order Entry etc. 3. Permission classes/ Roles – define the what (the access that the user has) 4. Only user entered into the system as a user can access certain functions a) User – defines the who – tied to a account with credentials, password, identity, etc. User is an account created unique to a person using Soft Products System Administrators/Super users required to set up the accounts and assign permissions (must have admin access in security) Will need these credentials when following the handout on a test system

10 Users, Roles, Permissions Setup
Dependent on three areas in Security before active Must define new user account or use existing user account Must define a Security Role and apply to user account Must define a Security Permission and apply to user account If using Active Directory with single sign on : Ensure to use a valid user account on the domain and apply this to the User created in Security Management Three Key Pieces to enabling Category Restrictions in Soft Reports Also discuss the use of roles to restrict access to parts of the Soft Reports product The handout provided will walk you through the steps here and assist you in setting up these on your own system Pieces are: a) User account b) Security Role – which is applied to the user c) Security Permission – give granular control over categories in designer 4) Soft Reports = Site less product – no restriction based on site for login options (all or nothing)

11 User Setup - Requirements
User – Defines who will have access to SoftReports Product Areas Requires for setup: ID (User sign in account) Initials Defined (Required field) Active Check box enabled (Activates user account) Valid password consistent with policy (Will allow for sign on when accessing module) Must have ID and a password associated with the user account Incorporates single sign on with those credentials Roles grant access Permission classes grant more defined access in designer now Single sign on – a way to access all soft products 6. No need to type passwords multiple times

12 User Tab Example Active Check box User ID Password Requirement
User Requirements for setting up Security Permissions in Designer Must have User ID – filled out (unique – or specific to a user) Must have initials defined (unique – or specific to a user) Active checkbox – must be enabled for the user System password must be defined if User is new Save changes and wait for the system to update Active Check box User ID Password Requirement Domain and Domain User assigned to SCC Security Account (When applicable) Initials

13 Role Requirements Must contain a Unique Role ID
Must contain a description of the role (required) Must be set to active to take affect Must be applied to a User account Individual Role options selected will grant access to the product areas Requirements for Setting up Security Role for user Role must be uniqe ID (required ) Name or description – can be helpful in determining usage (not required) Active check box = set to Yes for permission changes to take effect Click save to effect changes and wait for system to update

14 Security Role Example Role ID Make active Role Options Product
Option 1 – Browse Mode a) Open reports in read only mode b) Not editable Option 12 – Full Access a) Allows for full access to categories, layouts, and queries b) May copy, move, delete and alter existing reports in categories – or more to new Option 13 – Layout Editor a) Modification of layouts 4. Option Query Editor a) Modification of Queries Option 15 – Bypass advanced features a) Over writes permission based set up features b) Do not use this role if you expect the following to work properly Option 2 – Run reports a) Cannot login to launcher without this option Option 21 – Schedule reports a) Cannot schedule reports – may manually run reports from launcher 8. Option 22 – Track all Reports a) allows the option to track all scheduled jobs - These role types limits access only to specific parts - They do not define access to specific parts of designer (categories) - They do not define access to specific parts in launcher (categories) - Soft Reports is a site less product (where role per site will not affect) - User must have Role per all sites referred - Any changes require user log off to take effect Role Options Product

15 Security Role Options - SoftReports
Limit access to the Product Can be considered as a basic permission – high level Affects the User the role is assigned to May be applied to more than one user Designer Role Options are: Browse Designer Full Access Layout Editor Query Editor Bypass Advanced Security Features (Do not use option 15 for restrictions ) Launcher Role Options are: Run Reports Schedule Reports Track all Reports Basic role options - As a security role with Soft Reports product Limit basic access to the product – type a) Scc is the product b) Products defined as – Soft Reports, Lab, Mic, etc. Defined in security under role a) A role is created that handles these situations – access to what in this case Soft Reports product b) Assigned to a user Affects the user the role is assigned to – but may be applied to multiple user(s) Can be selected on an as needed basis (workflow req.) Setup by administrator (super user) or appropriate account with access in Security

16 Designer Role Option Example
Layout Editor – Unchecked - 13 Examples of – Layout Editor – Option uncheck, (notice disabled options in layout editor to change report settings) a) Any layout with no access defined will appear this way Query Editor – Options disabled to open new queries, or existing queries a) Cannot create new queries, or write reports via query builder Query Editor – Unchecked - 14

17 Launcher Option 2 Example
Normal Launcher access Option 2 Cannot log into Launcher – will not display a log on screen Basic denies any ability to access the launcher Option 22 Track all reports This box is “disabled” and will not all for tracking of reports that were not started by user Cannot see multiple runs – aka patient reports, other scheduled reports via crontab view in launcher Usually visible when this option is enabled (allowed to check and track) User without Option 2 present

18 Role Options - Launcher
Launcher Option 22 Uncheck Track all Reports Limits options to track ALL report type job runs All Jobs “checkbox” becomes unavailable Normal use will show any job scheduled – to include file names of Patient Report and custom SQL scheduled jobs 4. Also will show associated files with status – succeeded/failed/no data Etc. Role option 22 limitations All jobs check box becomes unavailable Normal functionality – will allow the user to select from a wider range of report runs via launcher tracking status a) May include lab management report runs and attempts b) May include scheduled patient report runs - defined by the layout the report is using c) May include reports scheduled or run via ad hoc – user created and scheduled reports via launcher d) Display successful jobs – failed jobs – reports run when no data qualifies

19 Example of Normal Tracking options
All jobs will be not available without option 22 enabled Example of option 22 available and possible job runs displayed Notice date and time, and status filter – which in this case is Succeeded Output name – dictates the File name created

20 Role Options - Launcher
This normal way to schedule a report with date and time parameters is nonfunctional without Option 21 checked Option 21 User has ability to log into launcher and manually run reports on the spot User cannot schedule reports from a future perspective Example : cannot run a report for each day of the week – unless it is manually triggered by user May verify that a designed AD hoc report is functional within launcher May verify that format is correct – output or validate printer settings, etc Will not bog down formatter – consistent times with Cron tab for patient batch report schedules Option 21 – Schedule Reports User will be able to manually run a report but not schedule it if this option is not allowed

21 Role Options - Launcher
However, User may still manually launch reports provided they have setup Launcher access as seen above This will run the report and generate the appropriate file type This option only limits scheduling in advance – daily, weekly ,monthly, etc. User with option 21 enabled will have the following access To manually launch Ad hoc user crated reports within launcher with the following steps 1. Navigate to the report in the category it is displayed Click on the report name Where scheduling icon (time piece) option is normally available to schedule – user sees following screen Report may require criteria to run unless otherwise specified Run report to view will instantly generate the report file designed to output – PDF, XLS, etc. Note that this option will allow access and manual job runs without allowing for future scheduling or re occurring report runs

22 Permission Class - Requirements
Permission Class ID Rule sets Access Rules Permission class has unique ID set up Soft Reports must be selected to affect - as module Categories here are like rules (what to do) These categories are defined by default- you cannot make new ones at this time Functions determine access a) Can be negative – deny b) Can be positive – allow c) Key can be modified to allow or deny from a high to low level 6. If multiple users all use the same perm. Class then – they will all be affected by which rule is applied to the category 7. Categories may have different allow / deny rules depending on the situation and configuration desired a) This will determine what is locked down b) Active – categories are Bold (means they have a rule assigned) Product

23 Permission class rules
Adding a Rule “ + “ key adds a Rule Choose Function = access Key1 must be specified as * Logic type may be Negative/Positive Active categories are Bolded after change Negative Rule Two examples of permission classes 2. Production - Example a) Function is Logic type – Negative (no access) b) Key 1 is all folders under the folder this is applied to Development – Example a) Function is Logic type – Positive b) Access allows all folders under the folder this is applied to c) may be more restrictive if definitive path is used Lab/Security You can set these rules up to include pathways to folders or subfolders as needed You can multiple rules for Category Must all be of the same logic type however – Positive or Negative Positive Rule

24 Understanding the rules
If a category is applied to deny access – all sub folders below will be affected If a sub category of that restricted category is desired for access – it can be allowed through a Positive rule Categories in security and designer are independent of each other and may be configured in different ways You may choose to: Deny all access and allow only selected categories Or individually restricted access to categories Depends on workflow and best practices

25 User with Role: Soft Reports Options Chosen
User with Role defined Role defined with options set Omit option - 15 for the permissions to be effective (over rides any restrictions) Example of User tab with Role ID selected for the User On user pane – Roles for all sites (since Soft Reports is a siteless product) Ensure you do not check option 15 or you will not get permission restriction access - Option 15 over

26 Example user with role/permission class
Here user has Role and Permission class assigned User is : jcscc Domain is : SCC user account added Role is : RPTROLE Permission Class is : RPTPE

27 Applying Security to Restrict Categories In the Designer
Now we are going to discuss How these security features can be used in designer How to enable them to lock down a sub category How to enable folders while restricting access to all others How this will help ensure controlled access

28 Designer View Normal Designer View Full access
No action on our restricted user at this point Category here is Workspace 2 - Under Lab We have a sub categories – Development, Production, SCC Testing, Testing The structure is that of a directory tree We are looking at it from a Super user view with no restrictions Notice how all categories and Reports contained within are colored – accessible We may change, copy, modify or any other action to these accessible reports and queries We will next add a permission class to deny access to all folders under Workspace2 We will then show logged in user who is impacted

29 Adding Restriction On the category to effect select Security
Set Restriction Option box populates with options Effecting a category with Security restrictions Assuming that the Permission rules have already be pre defined in security Assuming you have a rule to – Function Access *Negative* 3. You would need to check the box – Restricted (enables the rule) Click ok 4. This will only affect the user that is assigned this permission class Notice how the (Item Name) – Shows the category you are on Will need to log in as the affected user to see the results – We did this in super user mode (no restrictions) Following bellow was done with a Limited Permission user

30 Deny Categories From security in this instance:
Rule was set to negative access - using Production Rule Applies to all sub categories below the affected Workspace2 Category Volume Rule – applied to Workspace2 in designer Below is the Permission class Rule in Security Notice how all sub folders are affected

31 Open vs. Denied Categories Example
Restricted User view Non Restricted User view

32 Restricted Categories - Limitations
Restricted Categories Prevent: User from copying and modifying existing reports, queries and layouts User from creating new reports, queries, and layouts User from modifying existing categories User from creating new Categories – to include sub Categories

33 Using Deny Rules for Multiple Categories
Using same Volume Rule from Security We can affect multiple Categories for all users with the Permission class assigned to them Prior to adding Production Rule to Categories After view by affected user

34 Enabling Categories per User
Given a disabled category from before Apply a Positive rule - to allow a sub category previously affected - Development Rule to the Development folder Applying the Rule – to allow the access Category is now available to user via Positive Rule Rule from Security - Logic Type “Positive”

35 Enabling Multiple Categories
Same Rule from Security - Development Applied to User 1 folder – previously restricted User1 now enabled for user account Notice how all sub folders below the level of this folder are now available This includes any reports, layouts or queries

36 Rules and Limitations Categories may be locked at any category level except the top level - Lab, Microbiology, etc. Rules can control a sub category and affect all sub categories below it This makes security easier to manage per user An allow rule can give access to specific folders in that area previously denied Separate Permission classes can be used with rules to grant user specific areas Usage may vary based on workflow and best practices

37 Two Users with separate permissions
Shared folder – open to both users User specific folder User 1 – includes sub folders User specific folder User 2 – includes sub folders One permission class rule may lock the entire category – applied to both users One permission class rule may un lock the Development category for both users Jack has his own folders for organization and testing to include – writing queries, making reports, new categories and full copy, delete and edit within his area Jon has his own folders for organization and testing to include – writing queries, making reports, new categories and full copy, delete and edit within his area Neither user can access the other user areas – to perform any operations within Notice how all other categories in the Workspace 2 hierarchy are disabled due to a cascading rule set User 1 User 2 Notice how each user has different available folders based on location of the applied restrictions Each user has unique access to appropriate folders Both are denied Categories set up in previous Deny rule Share Development folder access

38 Summary Security may be used to gain high level of control over SoftReport categories Use roles with users to control access to areas of SoftReports product Use permission classes to affect multiple users in Category Restrictions Allow or Deny access based on Workflow and best practices Use these features to obtain greater control with Security options and Soft Reports Use roles to allow or deny access to functions or areas within both parts of the product Use permission classes to restrict to areas of the designer Use negative rules to deny access Use positive rules to allow access Access may be controlled for each category that is not a high level category Allows for organization and control of reports, queries, and layouts Must be set up by a super user Actual setup will depend on workflow needs

39 QUESTIONS?

Download ppt "SoftReports Security Features"

Similar presentations

ADABAS to RDBMS UsingNatQuery. The following session will provide a high-level overview of NatQuerys ability to automatically extract ADABAS data from.

ADABAS to RDBMS UsingNatQuery. The following session will provide a high-level overview of NatQuerys ability to automatically extract ADABAS data from.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
1 of 6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
6 th Annual Focus Users’ Conference Application Editor and Form Builder Presented by: Mike Morris.

6 th Annual Focus Users’ Conference Application Editor and Form Builder Presented by: Mike Morris.
Working with SharePoint Document Libraries. What are document libraries? Document libraries are collections of files that you can share with team members.

Working with SharePoint Document Libraries. What are document libraries? Document libraries are collections of files that you can share with team members.
Deployment Management The following screens demonstrate how to: 1. Access and view deployments 2. Create a new local deployment 3. Create and modify a.

Deployment Management The following screens demonstrate how to: 1. Access and view deployments 2. Create a new local deployment 3. Create and modify a.
Using Task Manager to Work EDI/ERA Posting Lori Phillips CHUG at Centricity Live April 29 – May 2,2015.

Using Task Manager to Work EDI/ERA Posting Lori Phillips CHUG at Centricity Live April 29 – May 2,2015.
SMART Agency Tipsheet Staff List This document focuses on setting up and maintaining program staff. Total Pages: 14 Staff Profile Staff Address Staff Assignment.

SMART Agency Tipsheet Staff List This document focuses on setting up and maintaining program staff. Total Pages: 14 Staff Profile Staff Address Staff Assignment.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.

Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.
IOS110 Introduction to Operating Systems using Windows Session 8 1.

IOS110 Introduction to Operating Systems using Windows Session 8 1.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.

DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.
Administrator – Employee Overview September, 2011.

Administrator – Employee Overview September, 2011.
6 th Annual Focus Users’ Conference Manage Integrations Presented by: Mike Morris.

6 th Annual Focus Users’ Conference Manage Integrations Presented by: Mike Morris.
Session Objectives • Login to PeopleSoft Test Framework(PTF)

Session Objectives • Login to PeopleSoft Test Framework(PTF)
Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.

Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.

Similar presentations

Ads by Google