Report Access Control via web tier
All
Pleased to say, based on your examples, I have been able to get a reports
server based on Advantage database and a remote web tier to work.
I now need to extend the web project to include certiain access controls to
the data which is working very successfully in the RBuilder win32
environment.
In my main data I have extended the rbfolder table to include a Branch field
so that a Branch can only see reports which it can run.
The rbItem has an extra field called Access_Level so that a user can only
see reports with a level less than or equal to their access level
When a user logs on the rbfolder is filtered to show only those menus for
his branch and the rbitem table is filtered to show only those report items
the user has been granted access to.
1. How do I pass these values of Branch and Access_Level from the web tier
to the reports server such that the report options displayed match the users
credentials?
2. An extension to access control, which I need to incorporate shortly, both
to this and the win32 envicronment, is to pass a report variable (Account
No) to the report without the report variable being visible to the user.
This way I can have one report, which when a user is logged on, will only
shows his account details, and subsequently the same report will show
different account details to another user. I do not want to display the
report variable, otherwise someone may be tempted to change the value and
display someone else's account. (This is a sort of mixture of the simplicity
of the database based reports in rbItem and the flexibility of the .rtm
template based reports).
3. My main web user interface (which then knows all about the users Branch,
Account No and Access_Level) is written in an IntraWeb ISAPI.dll, is there
any way I can incorporate the rsWebTier/WebModule into the IntraWeb
application? If not are there any examples of how to pass variables into
the webtier.dll for subsequent use by the rsServer? (these must not be
visible to the users).
Thanks in advance
Philip L Jackson
Pleased to say, based on your examples, I have been able to get a reports
server based on Advantage database and a remote web tier to work.
I now need to extend the web project to include certiain access controls to
the data which is working very successfully in the RBuilder win32
environment.
In my main data I have extended the rbfolder table to include a Branch field
so that a Branch can only see reports which it can run.
The rbItem has an extra field called Access_Level so that a user can only
see reports with a level less than or equal to their access level
When a user logs on the rbfolder is filtered to show only those menus for
his branch and the rbitem table is filtered to show only those report items
the user has been granted access to.
1. How do I pass these values of Branch and Access_Level from the web tier
to the reports server such that the report options displayed match the users
credentials?
2. An extension to access control, which I need to incorporate shortly, both
to this and the win32 envicronment, is to pass a report variable (Account
No) to the report without the report variable being visible to the user.
This way I can have one report, which when a user is logged on, will only
shows his account details, and subsequently the same report will show
different account details to another user. I do not want to display the
report variable, otherwise someone may be tempted to change the value and
display someone else's account. (This is a sort of mixture of the simplicity
of the database based reports in rbItem and the flexibility of the .rtm
template based reports).
3. My main web user interface (which then knows all about the users Branch,
Account No and Access_Level) is written in an IntraWeb ISAPI.dll, is there
any way I can incorporate the rsWebTier/WebModule into the IntraWeb
application? If not are there any examples of how to pass variables into
the webtier.dll for subsequent use by the rsServer? (these must not be
visible to the users).
Thanks in advance
Philip L Jackson
This discussion has been closed.
Comments
Check out the following two tech tips...
-------------------------------------------------------
Tech Tips: RB Server and Custom Parameters
-------------------------------------------------------
The RBServer Custom Parameter demos show how to define custom session and
report level parameters that can be used to implement security and other
types of custom processing.
The are three projects that work together. Each project includes a
ReadMe.doc and commented code.
1. RBServer\Demos\Servers\Custom Parameters
2. RBServer\Demos\WebTier\Custom Parameters
3. RBServer\Demos\Clients\Custom Parameters
The demos include examples of how to...
1. Define Custom Session parameters.
A custom login form is displayed. Based upon the login, the catalog of
reports available to the user is filtered.
2. Define Custom Report parameters
A custom parameter form is displayed. The parameters are used by the report.
3. Custom AutoSearch form
A custom autosearch form is displayed. The parameter values are used by the
autosearch criteria.
---------------------------------------------
Tech Tips: How can I request that the webtier
execute a specified report?
---------------------------------------------
Question:
---------
Without using the Web ReportExplorer, how can I request that the webtier
execute a specified report?
Solution:
---------
The webtier processes requests for web content. These requests consists of
1. The URL for the webtier
example: http://127.0.0.1/rbWebPub/report.dll
2. A parameter specifying the content type.
example: content=viewer
{note: content=viewer, is used to request report viewer content.}
3. Additional parameters that are specific to the content request.
volume=Report Forms (the volume name)
Name=Basic\Biolife Table (the full path name to the report)
frameset=1 (show the framset with the toolbar etc., this is required)
Use a web browser to access the webtier demo that displays the report
explorer.
Notice that when you place the mouse over a report in the report explorer
that the status bar in IE shows the url plus some params. That is the string
required to run the report on the web tier.
Example:
http://127.0.0.1/rbWebPub/report.dll?content=viewer&volume=Report
Forms&name=Basic\Biolife Table&framset=1
So the parameters here are
content=viewer (type of content is report viewer)
volume=Report Forms (the volume name)
Name=Basic\Biolife Table (the full path name to the report)
frameset=1 (show the framset with the toolbar etc., this is required)
4. AutoSearch Parameters
To specify autosearch parameters for a report, include the parameter
'newsearch=T' followed by the autosearch parameters.
AutoSearch parameters have the following naming convention: asgXfYse and
asgXfYsa.
The asgX specifies the autosearch group number, where X is the number. The
fY specifies the field number, where Y is the number. The se indicates that
the value is a search expression and the sa specifies that the value is the
"show all" boolean expression.
Example:
content=viewer
newsearch=T
asg0f0se=S
asg0f0sa=false
--
Nard Moseley
Digital Metaphors Corporation
http://www.digital-metaphors.com
Best regards,
Nard Moseley
Digital Metaphors
www.digital-metaphors.com