How to handle permissions per role - permissions

I am working on a Yii project with 4 or 5 roles, where each role has access to similar forms and views but does not see all fields. There are also reports which are only for management-level roles.
In the past I have managed permissions with per-field control to avoid repeating code, but this turns into a nightmare.
My question is, what is the best approach you have used to handle permissions? Per field or per view?
I was thinking of creating different views, and the admin can select which ones to assign to each role.
Any ideas you can bring will help me.

Use the RBAC module: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html
Once you have defined your role and permission, you can use the function provided by Yii2 to show/hide the field you need or to drive the code's behavior.
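
A sketch of the RBAC approach from the answer above, added here as an illustration and not part of the original post: one permission gates both the rendering of a field and whether the server accepts it. It assumes a Yii2 application with the `authManager` component configured; the role, permission, model and field names are hypothetical.

```php
<?php
// Assumes a Yii2 app whose authManager component is configured (e.g. yii\rbac\DbManager).
// Role, permission, model and field names are hypothetical.
use yii\base\Model;

// One-time RBAC setup, run from a console command or migration.
function setupSalaryRbac(): void
{
    $auth = Yii::$app->authManager;
    $editSalary = $auth->createPermission('editSalary');
    $auth->add($editSalary);

    $clerk = $auth->createRole('clerk');
    $manager = $auth->createRole('manager');
    $auth->add($clerk);
    $auth->add($manager);
    $auth->addChild($manager, $clerk);      // manager inherits everything clerk can do
    $auth->addChild($manager, $editSalary); // only managers may edit the salary field
}

class EmployeeForm extends Model
{
    public $name;
    public $salary;

    public function rules()
    {
        return [[['name'], 'required'], [['salary'], 'number']];
    }

    // Attributes listed for the scenario are the only ones load() will mass-assign,
    // so a field hidden in the view cannot be set through a hand-built POST body.
    public function scenarios()
    {
        $fields = ['name'];
        if (Yii::$app->user->can('editSalary')) {
            $fields[] = 'salary';
        }
        return [self::SCENARIO_DEFAULT => $fields];
    }
}

// In the view, the same permission decides whether the input is rendered:
//   if (Yii::$app->user->can('editSalary')) { echo $form->field($model, 'salary'); }
```

Keeping the check in the model means a single set of views can serve every role, while the view-level check stays purely cosmetic.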

Related

Laravel Authentication with 2 types of users

I'm trying to wrap my head around the best approach to this problem, I'm making a web-app that is to have two types of users.
- Administrator (administrators_table)
- User (users_table)
The User has many many more properties than an Administrator which is relatively straight-forward. So we've separated them to different tables.
Ideally, I'd like them to use the same login form. Would my current scenario of two separate tables be recommended, or is there a better approach to this?
Thank you to everyone for your input. Although very good, it was a bit complex for this simple app.
We decided to merge the Admin and Users tables, add an isAdmin column, and use Laravel's Middleware to separate the two roles.

how to read user ROLES using XSJS?

I would like to know what the session user has access to. For example, if user X has access to a particular database or a set of tables. When looking into HANA I see that I have the PUBLIC role that allows me to see the database. How can I pull this information using XSJS so I can perform logic based on those roles?
I've used $.session.hasSystemPrivilege("PRIV"); but this is different from checking roles. I tried testing for "INSERT" for inserting into the database, which returned false. I know that I can write to the tables. Looking into HANA, the system privileges tab is empty for me.
Could someone give me some guidance here?
Create your analytic/calculation view on top of SYS.GRANTED_ROLES or GRANTED_PRIVILEGES.
Expose your view as OData service and access this service in XSJS.

Pentaho CE - Parameter Authentification

I just want to know if it's possible to have a parameter or variable in Pentaho CE 5.0.1 when users log in, so that each user will have his own report and cube depending on that parameter.
Thank you,
If I understood you, you want to restrict data based on user name.
Example: User A can see Cube filtered to Products from A department.
I used these 3 pages to implement such settings.
Try here, here and here.
The best way to do it is by assigning roles to different types of users and enabling cube security. You may grant role A the right to view a cube/schema/dimension/member and deny it to another.
As for content itself (reports, dashboards), you manage that from within Pentaho User Console by adding permissions either to a role or to a user.

JasperReports Server report permissions/roles

We have a collection of reports on our JasperReports Server right now, most of which have input controls.
I recently implemented Roles, adding a specific role for the users of these reports (with the intention of adding additional roles in the future for other reports, not associated with this specific group).
All of the reports, some with, some without input controls are working with the exception of one that has a single input control (multi select query tied to a dropdown) that does not work for the users assigned to the role I just put in. I can access it normally as admin user.
I have checked to make sure that the role has Execute only for the Queries and for that specific query, and for the actual Input Control and the report.
If I can post something that will help troubleshoot this issue, I'm happy to do so...looking for any ideas that might help...
At this point we have not found a solution, however, I did delete the report from the server, and re-upload it from iReport, and reconnected the Input Control. After that little exercise, everything is back to working normally, and the user with the assigned role has access to everything she needs.

Is there a way you can specify a custom ROLES table to use just like you can specify the USERS table in Websecurity.InitializeDatabase()?

So I know you can specify what custom table you would like to use for the Users table when utilizing the InitializeDatabase method on the WebMatrix.WebData.Websecurity class, but I wanted to find out if there is no way to specify the Roles table to use? There might not be any reason - except if you wanted more control over what data is stored with a role.
I think there is no way to specify the roles table in Websecurity.InitializeDatabase(), but for example you can include the ASP.NET Simple Membership tables as part of your Entity Framework model and have more control over it.
This article might assist you in resolving your issue.