Securing MINT Domains

2,211 bytes added, 12:54, 23 September 2014
== Row-level security ==__NOEDITSECTION__
Example:
<pre>
<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!-- Row level security -->
    <!-- What access do roles/users have to the rows in the resource? -->
    <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
      <resourceAccessGrants>
        <!-- Row level restrictions for Organisations, e.g. Operator X only sees his own progress reports -->
        <resourceAccessGrant id="Jointree_1_row_access_grant_20">
          <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['Organisation'] }]]></principalExpression>
          <filterExpression>testProfileAttribute(parent_organisation.parent,'Organisation')</filterExpression>
        </resourceAccessGrant>
      </resourceAccessGrants>
    </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>
</pre>
== Column-level security ==__NOEDITSECTION__
Example:
<pre>
<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <!-- Column level security -->
  <!-- What access do roles/users have to the fields in an item group? -->
  <itemGroupAccessGrants>
    <itemGroupAccessGrantList id="grant_item_group_Victims" label="aLabel" itemGroupId="victims" defaultAccess="granted">
      <itemGroupAccessGrants>
        <!-- Column level for Victims: allow general access to ROLE_NOVICTIMNAMES, then deny access to specific fields -->
        <itemGroupAccessGrant id="Victims_item_group_access_grant" access="granted">
          <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_NOVICTIMNAMES'] }</principalExpression>
          <itemAccessGrantList id="Victims_grant_item_group_items" defaultAccess="granted">
            <itemAccessGrants>
              <!-- Deny access to the name and surname of victims -->
              <itemAccessGrant id="Jointree_1_grant2_items_grant1" itemId="givenname" access="denied" />
              <itemAccessGrant id="Jointree_1_grant2_items_grant2" itemId="familyname" access="denied" />
            </itemAccessGrants>
          </itemAccessGrantList>
        </itemGroupAccessGrant>
      </itemGroupAccessGrants>
    </itemGroupAccessGrantList>
  </itemGroupAccessGrants>
</securityDefinition>
</pre>
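Added example, not part of the original wiki page or of Jaspersoft's tooling: a small Python audit that parses a domain security file in the format shown above and lists each row filter, each denied column and each item group whose <code>defaultAccess</code> is <code>granted</code>. The sample merges the two definitions from this page into one constructed file; <code>audit</code> and its result keys are hypothetical names, and treating <code>defaultAccess</code> as the fallback for principals matched by no grant is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"sl": "http://www.jaspersoft.com/2007/SL/XMLSchema"}

# Constructed sample: the row-level and column-level definitions from this page, merged.
SAMPLE = """<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
      <resourceAccessGrants>
        <resourceAccessGrant id="Jointree_1_row_access_grant_20">
          <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['Organisation'] }]]></principalExpression>
          <filterExpression>testProfileAttribute(parent_organisation.parent,'Organisation')</filterExpression>
        </resourceAccessGrant>
      </resourceAccessGrants>
    </resourceAccessGrantList>
  </resourceAccessGrants>
  <itemGroupAccessGrants>
    <itemGroupAccessGrantList id="grant_item_group_Victims" label="aLabel" itemGroupId="victims" defaultAccess="granted">
      <itemGroupAccessGrants>
        <itemGroupAccessGrant id="Victims_item_group_access_grant" access="granted">
          <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_NOVICTIMNAMES'] }</principalExpression>
          <itemAccessGrantList id="Victims_grant_item_group_items" defaultAccess="granted">
            <itemAccessGrants>
              <itemAccessGrant id="Jointree_1_grant2_items_grant1" itemId="givenname" access="denied" />
              <itemAccessGrant id="Jointree_1_grant2_items_grant2" itemId="familyname" access="denied" />
            </itemAccessGrants>
          </itemAccessGrantList>
        </itemGroupAccessGrant>
      </itemGroupAccessGrants>
    </itemGroupAccessGrantList>
  </itemGroupAccessGrants>
</securityDefinition>"""

def audit(xml_text):
    """Summarise row filters, denied columns and default-granted item groups."""
    root = ET.fromstring(xml_text)
    out = {"row_filters": [], "denied_items": [], "default_granted": []}
    for lst in root.iterfind("sl:resourceAccessGrants/sl:resourceAccessGrantList", NS):
        for g in lst.iterfind("sl:resourceAccessGrants/sl:resourceAccessGrant", NS):
            out["row_filters"].append((lst.get("resourceId"),
                                       g.findtext("sl:principalExpression", "", NS).strip(),
                                       g.findtext("sl:filterExpression", "", NS).strip()))
    for lst in root.iterfind("sl:itemGroupAccessGrants/sl:itemGroupAccessGrantList", NS):
        group = lst.get("itemGroupId")
        if lst.get("defaultAccess") == "granted":  # assumption: fallback when no grant matches
            out["default_granted"].append(group)
        for g in lst.iterfind("sl:itemGroupAccessGrants/sl:itemGroupAccessGrant", NS):
            who = g.findtext("sl:principalExpression", "", NS).strip()
            for item in g.iterfind("sl:itemAccessGrantList/sl:itemAccessGrants/sl:itemAccessGrant", NS):
                if item.get("access") == "denied":
                    out["denied_items"].append((group, item.get("itemId"), who))
    return out
```

Calling <code>audit(SAMPLE)</code> returns the summary as a dictionary. Run it only against trusted, locally stored security files, since <code>xml.etree.ElementTree</code> is not hardened against maliciously constructed XML.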
{{NavBox Business Intelligence}}
[[Category:VIE]]