Securing MINT Domains
 |
This page is under construction |
Row-level security
Example:
<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
<resourceAccessGrants>
<!-- Row level security -->
<!-- What access do roles/users have to the rows in the resource? -->
<resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
<resourceAccessGrants>
<!-- Row level restrictions for Organisations, e.g. Operator X only sees his own progress reports -->
<resourceAccessGrant id="Jointree_1_row_access_grant_20">
<principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['Organisation'] }]]></principalExpression>
<filterExpression>testProfileAttribute(parent_organisation.parent,'Organisation')</filterExpression>
</resourceAccessGrant>
</resourceAccessGrants>
</resourceAccessGrantList>
</resourceAccessGrants>
</securityDefinition>
Column-level security
Example:
<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
<!-- Column level security -->
<!-- What access do roles/users have to the fields in an item group? -->
<itemGroupAccessGrants>
<itemGroupAccessGrantList id="grant_item_group_Victims" label="aLabel" itemGroupId="victims" defaultAccess="granted">
<itemGroupAccessGrants>
<!-- Column level for Victims: allow general access to ROLE_NOVICTIMNAMES, then deny access to specific fields -->
<itemGroupAccessGrant id="Victims_item_group_access_grant" access="granted">
<principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_NOVICTIMNAMES'] }</principalExpression>
<itemAccessGrantList id="Victims_grant_item_group_items" defaultAccess="granted">
<itemAccessGrants>
<!-- Deny access to the name and surname of victims -->
<itemAccessGrant id="Jointree_1_grant2_items_grant1" itemId="givenname" access="denied" />
<itemAccessGrant id="Jointree_1_grant2_items_grant2" itemId="familyname" access="denied" />
</itemAccessGrants>
</itemAccessGrantList>
</itemGroupAccessGrant>
</itemGroupAccessGrants>
</itemGroupAccessGrantList>
</itemGroupAccessGrants>
</securityDefinition>
{{#switch:|subgroup|child=|none=|#default=
}}{{#if:Business Intelligence|{{#if:|<th scope="col" style="border-left:2px solid #fdfdfd;width:100%;|}}{{#if:|{{#if:Business Intelligence|}}}}{{#if:Install Staging Area Generator · Using Staging Area Generator · Post Processing SQL Scripts · SAG Spatial reference system · Name Rules Staging Area · Scheduling the Staging Area creation|{{#if:Business Intelligence|}}{{#if:|}}{{#if:Staging Area Generator|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|{{#if:|}}}}{{#if: IMSMA Staging Area Database · Connecting to IMSMA Staging area from ArcGIS · Connecting to IMSMA Staging area from Excel · Sharing an IMSMA Staging Area|{{#if:Business IntelligenceInstall Staging Area Generator · Using Staging Area Generator · Post Processing SQL Scripts · SAG Spatial reference system · Name Rules Staging Area · Scheduling the Staging Area creation|}}{{#if:IMSMA Staging Area|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:Business IntelligenceInstall Staging Area Generator · Using Staging Area Generator · Post Processing SQL Scripts · SAG Spatial reference system · Name Rules Staging Area · Scheduling the Staging Area creation IMSMA Staging Area Database · Connecting to IMSMA Staging area from ArcGIS · Connecting to IMSMA Staging area from Excel · Sharing an IMSMA Staging Area|}}{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:Other Reporting Tools|{{#if:Other Reporting Tools|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if: Introduction to indicators|{{#if:Indicators|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:Business IntelligenceInstall Staging Area Generator · Using Staging Area Generator · Post Processing SQL Scripts · SAG Spatial reference system · Name Rules Staging Area · Scheduling the Staging Area creation IMSMA Staging Area Database · Connecting to IMSMA Staging area from ArcGIS · Connecting to IMSMA Staging area from Excel · Sharing an IMSMA Staging Area|}}}}
|none=|#default= | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
}}{{#ifeq:|Template|{{#ifeq:|child||{{#ifeq:|subgroup||{{#switch:securing mint domains
|doc
|sandbox
|testcases =
|#default = {{#switch:hlist
|plainlist
|hlist
|hlist hnum
|hlist vcard
|vcard hlist =
|#default =
}}
}}
}}}}}}