Home Server
New Blog Posts: Merging Reports - Part 1 and Part 2

Report Access Control via web tier

edited October 2005 in Server
All

Pleased to say, based on your examples, I have been able to get a reports
server based on Advantage database and a remote web tier to work.

I now need to extend the web project to include certiain access controls to
the data which is working very successfully in the RBuilder win32
environment.

In my main data I have extended the rbfolder table to include a Branch field
so that a Branch can only see reports which it can run.
The rbItem has an extra field called Access_Level so that a user can only
see reports with a level less than or equal to their access level

When a user logs on the rbfolder is filtered to show only those menus for
his branch and the rbitem table is filtered to show only those report items
the user has been granted access to.


1. How do I pass these values of Branch and Access_Level from the web tier
to the reports server such that the report options displayed match the users
credentials?

2. An extension to access control, which I need to incorporate shortly, both
to this and the win32 envicronment, is to pass a report variable (Account
No) to the report without the report variable being visible to the user.
This way I can have one report, which when a user is logged on, will only
shows his account details, and subsequently the same report will show
different account details to another user. I do not want to display the
report variable, otherwise someone may be tempted to change the value and
display someone else's account. (This is a sort of mixture of the simplicity
of the database based reports in rbItem and the flexibility of the .rtm
template based reports).

3. My main web user interface (which then knows all about the users Branch,
Account No and Access_Level) is written in an IntraWeb ISAPI.dll, is there
any way I can incorporate the rsWebTier/WebModule into the IntraWeb
application? If not are there any examples of how to pass variables into
the webtier.dll for subsequent use by the rsServer? (these must not be
visible to the users).

Thanks in advance

Philip L Jackson

Comments

  • edited October 2005

    Check out the following two tech tips...

    -------------------------------------------------------
    Tech Tips: RB Server and Custom Parameters
    -------------------------------------------------------

    The RBServer Custom Parameter demos show how to define custom session and
    report level parameters that can be used to implement security and other
    types of custom processing.

    The are three projects that work together. Each project includes a
    ReadMe.doc and commented code.

    1. RBServer\Demos\Servers\Custom Parameters
    2. RBServer\Demos\WebTier\Custom Parameters
    3. RBServer\Demos\Clients\Custom Parameters


    The demos include examples of how to...

    1. Define Custom Session parameters.

    A custom login form is displayed. Based upon the login, the catalog of
    reports available to the user is filtered.

    2. Define Custom Report parameters

    A custom parameter form is displayed. The parameters are used by the report.

    3. Custom AutoSearch form

    A custom autosearch form is displayed. The parameter values are used by the
    autosearch criteria.



    ---------------------------------------------
    Tech Tips: How can I request that the webtier
    execute a specified report?
    ---------------------------------------------


    Question:
    ---------

    Without using the Web ReportExplorer, how can I request that the webtier
    execute a specified report?


    Solution:
    ---------

    The webtier processes requests for web content. These requests consists of

    1. The URL for the webtier

    example: http://127.0.0.1/rbWebPub/report.dll


    2. A parameter specifying the content type.

    example: content=viewer

    {note: content=viewer, is used to request report viewer content.}


    3. Additional parameters that are specific to the content request.

    volume=Report Forms (the volume name)
    Name=Basic\Biolife Table (the full path name to the report)
    frameset=1 (show the framset with the toolbar etc., this is required)


    Use a web browser to access the webtier demo that displays the report
    explorer.

    Notice that when you place the mouse over a report in the report explorer
    that the status bar in IE shows the url plus some params. That is the string
    required to run the report on the web tier.

    Example:
    http://127.0.0.1/rbWebPub/report.dll?content=viewer&volume=Report
    Forms&name=Basic\Biolife Table&framset=1


    So the parameters here are

    content=viewer (type of content is report viewer)
    volume=Report Forms (the volume name)
    Name=Basic\Biolife Table (the full path name to the report)
    frameset=1 (show the framset with the toolbar etc., this is required)


    4. AutoSearch Parameters

    To specify autosearch parameters for a report, include the parameter
    'newsearch=T' followed by the autosearch parameters.

    AutoSearch parameters have the following naming convention: asgXfYse and
    asgXfYsa.

    The asgX specifies the autosearch group number, where X is the number. The
    fY specifies the field number, where Y is the number. The se indicates that
    the value is a search expression and the sa specifies that the value is the
    "show all" boolean expression.


    Example:

    content=viewer
    newsearch=T
    asg0f0se=S
    asg0f0sa=false


















    --
    Nard Moseley
    Digital Metaphors Corporation
    http://www.digital-metaphors.com


    Best regards,

    Nard Moseley
    Digital Metaphors
    www.digital-metaphors.com
This discussion has been closed.