Overview - Set up Users and Security Roles

Main Page | Discussion | Edit | History | Help | Switch to MediaWiki mode

---

---

In this lesson you will create users and security roles. You will then specify which users and members of which security roles can access each report and report document. This lesson demonstrates:

• Logging into the Management Console interface to iServer, as an administrator.
• Creating new iServer Users.
• Creating new Security Roles and assigning Users to Security Roles.
• Specifying which users or roles can access a report, report document, or folder.

Contents 1 Administering Users and Roles 2 Log into Management Console 3 Create User Accounts 4 Create a Security Role 5 Assign a Role to a User 6 Assign Access Privileges to Reports and Folders 7 Test the Privileges 8 Learn More

Administering Users and Roles

A user is a person who uses the system. Each user has an account and a home folder. Privileges control what the user can see and do on the server. Previous lessons used the special Administrator user that has full access to all resources on the server.

As your reporting application grows, it becomes tedious to assign security to each user individually. To simplify security administration, iServer Express uses a role-based system for assigning priviledges. You can, for example, create a Finance role that grants access to financial reports only to people within the proper department.

Previous lessons showed the iPortal end-user interface to iServer. This lesson explores Management Console: the web-based administrative user interface for iServer Express. It includes pages for working managing users, security roles, e-mail notification groups, and access privileges. Privileges can be set on reports, report documents, and folders. Management Console also incorporates all of the iPortal functionality discussed earlier.

Log into Management Console

• From the Windows Start menu, go to “All Programs → Actuate9 → iServer Management Console”. Or, alternatively, open http://<MACHINENAME>:8900/acadmin/login.jsp in the web browser.

The Management Console login screen appears:

The login options here are the same as those discussed in the Log into iServer Express using iPortal lesson. Let's log in as administrator using the password you set in an earlier lesson.

• User name — Enter "Administrator".
• Password — Enter the password you created earlier.
• ClickLog In.

The Files & Folders listing for the Administrator's home folder appears. The PDF file created in the previous lesson should appear in the list.

Create User Accounts

Our first administrative task is to create some users.

• Click on “Users” in the left sidebar.

You will see just the default user, Administrator, listed so far.

• Click on the Create User button.

The user page appears and displays the “General” tab. Let's enter information for a sample user:

• Name — Bill
• Description — "Bill Abner (sample user)"
• Password & Confirm Password — bill
• E-mail — babner@actuate.com
• Home folder — /Home/bill

The page should now look like this:

• Click on the other tabs to see the other user settings. For now, don’t change any of the defaults.
• Click OK to finally create the new user “Bill”.

iServer Express creates the user. It also creates the user's home folder if it does not exist. The permissions on the new folder allow only this user access. (The Administrator, of course, has access to all folders.)

• Repeat the entire process to create a user named “Sue”.

After you’re finished, the listing of users looks like this:

• Click on Files & Folders in the left-side bar to display the respository.
• Click on the Home link in bread-crumb trail at the top of the page.

The contents of the Home folder are now as follows:

Create a Security Role

Users gain privileges in one of two ways. First, you can grant privileges directly to each user. However, if several users will have the same privileges based on their position within the organization, it is more convenient to first define a role with the privileges, then assign that role to the proper users. This is the approach we'll take here to create a Finance role.

• Click on Security Roles in the left sidebar.

The following list appears. It contains a set of system roles defined by iServer Express itself.

The "Administrator" role allows you to assign administrative privileges to named users. The other roles cover specialized tasks discussed in the product documentation.

Let's add a sample role.

• Click the “Create Role” button.

• Set the name to “Finance”. Leave the other fields at their defaults for now.
• Click “OK”.

The new security role, “Finance” will now appear in the Security Roles listing.

Assign a Role to a User

Now that we have the role defined, we have to give Bill the Finance role.

• Click on Users in the left sidebar.
• Click on Bill in the listing of users.
• Click on the Roles tab.

• Select Finance from the left shuffle box and click on the right arrow button (located between the two shuffle boxes) to copy “Finance” over to the right shuffle box.
• Click OK.

Assign Access Privileges to Reports and Folders

Next, we want to restrict access to certain reports to only those users with the Finance role.

• Navigate back to the \Public\BIRT & Business Reports Examples folder
• On the left of the “Customer Dashboard” report, hover your mouse over the blue arrow icon:

A drop-down menu appears.

• Select Properties.

The report properties appear.

• Click on the “Privileges” tab.

Right now the Customer Dashboard report is available to everyone. Global access is granted using the All role. Since we want to restrict access, let's remove the All role from the Customer report.

• Select All in the right shuffle box
• Click on the left arrow button (located between the two shuffle boxes)

At this point, no one but the Administrator has access to the report. Now, let's allow just members of the “Finance” role to run this report. Then, we have to decide which privileges to grant to Finance. There are three.

• Visible — Means that the report will appear in the document list. (Documents without the Visible privilege cannot even be seen.)
• Read — Allows the user to work with the report. This applies mostly to report documents (report output.)
• Execute — Allows the user to run the report. This applies to report executables that you can run.

Since the Customer Dashboard report is a report executable, we must assign all three privileges:

• Select Finance in the left shuffle box
• Click on the right arrow button to copy Finance to the right shuffle box
• Under the right shuffle box, click the check boxes for Visible, Read and Execute. These permissions allow members of the finance role to run the report and to see the report listed in iPortal.
• Click OK.

Test the Privileges

We just modified the access privileges on the “Customer Dashboard” report so that only users in the Finance role can see it or run it. Bill is a member of Finance, so he should be able to see and run it. Sue should not be able to see it. Let’s test it out.

• Return to iPortal: http://<MACHINENAME>:8900/iportal/.
• If you are still logged in as the administrator user, log out (click on the log out button in the upper right corner).
• Log in as user “Sue” using the password you entered when you created this user.
• The Documents listing for Sue’s home folder is displayed (it’s empty).
• Navigate to /Public/BIRT and Business Report Examples.

Notice that the “Customer Dashboard” report is not visible to user Sue.

• Navigate to the /Home folder.

Notice that the only folder visible to this user is “Sue,” the home folder of this particular user. There are two other folders in Home that this user cannot see: “administrator” and “Bill”. This is because, by default, each user's home folder is visible only to that one user.

Now, let's see what Bill sees. He has the Finance role, and so should see the Customer report.

• Logout as Sue, using the link in the upper right corner.
• Re-login in as Bill.
• As Bill, look at the contents of the “/Home” folder. In it, Bill can only see one folder named Bill. He cannot see Sue’s folder of the administrator’s folder.
• Navigate to /Public/BIRT and Business Reports Examples.

The user Bill can see the “Customer Dashboard” report in the Documents listing.

Run the Customer Dashboard report as Bill and view the results. This verifies that Bill has all the required privileges.

Learn More

The following product manual at http://www.birt-exchange.com/modules/documentation/ provides more information.

• If you are a BIRT user: BIRT Deployment → iServer Express Report Server → Using Actuate iServer Express →, or
• If you are an e.Spreadsheet user: Spreadsheet Automation → iServer Express Report Server → Using Actuate iServer Express →
  • Understanding Encyclopedia volume management
  • Managing Encyclopedia volume security
  • Managing users
  • Working with security roles

The same documentation is available in your iServer Express install:

• http://localhost:8900/iportal/help/wwhelp/wwhimpl/js/html/wwhelp.htm → Using iPortal for Actuate iServer Express → Managing Reports (substitute the proper machine name for "localhost" if iPortal is on another machine.)

You can simply click on the Help link on each of the iPortal pages to get help with that specific page.

---

---

This page has been accessed 912 times. This page was last modified 05:27, 5 September 2008.