JasperReports Server report permissions/roles - roles

We have a collection of reports on our JasperReports Server right now, most of which have input controls.
I recently implemented Roles, adding a specific role for the users of these reports (with the intention of adding additional roles in the future for other reports, not associated with this specific group).
All of the reports, some with, some without input controls are working with the exception of one that has a single input control (multi select query tied to a dropdown) that does not work for the users assigned to the role I just put in. I can access it normally as admin user.
I have checked to make sure that the role has Execute only for the Queries and for that specific query, and for the actual Input Control and the report.
If I can post something that will help troubleshoot this issue, I'm happy to do so...looking for any ideas that might help...

At this point we have not found a solution, however, I did delete the report from the server, and re-upload it from iReport, and reconnected the Input Control. After that little exercise, everything is back to working normally, and the user with the assigned role has access to everything she needs.

Related

How do I control user access and data permissions

Let me preface this with the fact that I don't know much about VBA. I have created a database that will be split and the front end will be distributed to 14 different project managers. The database is intended to allow users to enter bi-weekly updates to their projects. I hope to get some guidance on creating usernames and passwords so that PMs can only access their project data.
I don't mind creating and issuing usernames and passwords to each user, but I am trying to avoid creating 14 copies of the database. That would make providing updated databases a nightmare.
Hopefully this isn't too basic of a question for this group.
yes, you can control users access, you need to create a user table in your backend database that will hold their firstname, surname, password, and any other user specific data that you might need, e.g. department, access level, etc.
In your front end, you need a login form and you make that the Display Form for your fe (set in the access options menu). You check the username and password entered matches what is held in your database, and if it's correct, you load the appropriate form, usually a main menu, and show them the appropriate data based on the login they used. You may need to hold the login they used in a TempVar, so you can access it from any form, report, query etc in your frontend.
You will need something like LASsie (Light Application Security) or program a similar solution yourself.
Also, you may enjoy my article Deploy and update a Microsoft Access application with one click.
(If you don't have an account, browse for the link: Read the full article.)

Allow multiple users to fill form in MS Access or HTML Form based submission

I'll summarize the operation to give you a background.
I've an Access database in place with forms wherein a user inputs with diverse fields. This file is hosted on a shared network for my organization. The database is split between backend and frontend.
Issue(s):
- Multiple user cannot access a single form and simultaneous entries are not allowed.
- In case, if the file is opened by mistake it will prevent to enable submissions for other users on the network.
I am not sure if this will work as I am a newbie in Access. But can we create a HTML based form which will fill the tables in Access? If yes, kindly help in creating one. If not, kindly suggest an alternative.
Sample table attributes:
Date Name Type Remark
This is the same type of setup I use at my company. We have one backend (all the tables) and a frontend (queries, forms, reports, etc). The way to allow multiple users to work with the database is to have each user run their own instance on their computer ie have them copy/paste the frontend to their local desktop. Another thing to keep in mind is that the tables must be set up with primary key and autonumber field to prevent users from accessing and editing the same record.

Limit access to each other's database in Google Cloud Big Query

I need to grant access to Big Query to 30 Phd Students in a University on Google Cloud Platform.
Can I give them standalone access to each of them? i.e. One student cannot see other's work unless it is granted.
Creating projects = number of students is not too cost effective.
so can I give 30 access controls to a single project ?
The students need to have full access to Big query (Create, edit, join, download, run) to their respective databases.
The document is indeed confusing. Don't grant any project-level permissions. Just as Katie Sinatra said, go to the dataset Web UI, in the arrow drop's "Share dataset", add email and grant "Can edit". At the time of this writing, after you do the above, the user won't be able to see the dataset in the Web UI, but s/he can still do query in the Web UI just fine if s/he specifies the table correctly, i.e. `project.dataset.table`. (i tested it.) The user can also manually add the dataset to be displayed in the web UI. Here is how to do it, https://cloud.google.com/bigquery/bigquery-web-ui#displayprojects.
What i am still confusing is: after you do the above, when the user do a query, who is paying. My guess is the user is paying. If you want the dataset's original owner (the project under which the dataset is created) to be billed, then my guess is that you need to grant project-level BigQuery Job User permission to the user/email in addition to the above. Then, the user will be able to select the project in the GCP console and hit "BigQuery" to go to the big query Web UI, and be billed under the project. (by the way, if you do this, the dataset can be seen by the user in the Web UI.)
As JL-HN said, it is documented but it is a bit confusing. To give access to an specific dataset, you only need to go the dataset, in the arrow drop it down and click on "Share dataset". Then you only need to add the email of the student that will handle that dataset.

How to handle permissions per role

I am working in a Yii project with 4 or 5 roles. Where each role has access to similar forms and views but do not see all fields. Also there are reports which are only for management level roles.
In the past I have managed permissions based on per field control to avoid repeating code, but this get into a nightmare.
My question is, what is the best approach you have used to handle permissions? per field or per view?
I was thinking in create different views and the admin can select which ones to assign to each role.
Any ideas you can bring will help me.
Use RBAC module http://www.yiiframework.com/doc-2.0/guide-security-authorization.html
Once you have defined you role and permission you can use the function provided by Yii2 for show /hide the field you need or for lead the code behavior

tool to give user ability to query database without any ability to alter data

We have a Power User who knows the database very well and has become a great asset since we gave him access with SQL Server Management Studio. Unfortunately, we also gave him a user/pwd used by all Development which carries ability to change data.
Without going into all the wrongs behind having such a privileged db-user and giving such access an end user, is there a tool that would give the user ability to query without any ability to update/insert/drop/ or anything else?
My guess is that the user probably does not want to change the database -- for his/her protection as well as yours.
Just enable this user's login using Window to have read-only access. Or, set up another read-only user and give it to the power user. At the extreme, you may need to change the password of your super user account.
I would recommend in the mean time that you set up a development group, give the group privileges, and assign the developers to the group. They can then login through that id. Perhaps one day, you'll be able to disable your super user account. For now, you should think about ways to work around it.