Introduction:In this blog we are going to explain how to implement data security based on the logged-in organization. We have created sample tabular report having the data of client wise meeting date.
In this example covered below, we want to filter the data based on the organization that the user belongs to. Organization for default super admin and default super user is“Null”. While creating a user if no organization is assigned to that user then that organization organization is “Null”. Whenever user logs in using default credentials, data of all the organizations is displayed. In case if the logged in user has organization other than“Null”, he will see data of particular logged in organization only.
Please make sure you have gone through the blog“Introduction to Canned Reporting Interface ”. Also please note that organization (multi-tenancy) is only available in enterprise edition and not community edition.
Steps to implement Data Security
-
- Change the setting.xml file:
Open the setting.xml file present in location /hi/hi-repository/System/Admin/ folder.
Search for <HCRDefaultGeneratorType> tag. By default, this is set to “regular”. Change this setting to bean-datasource. Save the setting.xml file. Once done restart the server.
-
- Create a Datasource Connection :
On the datasources page, create a datasource connection with type Groovy Plan Jdbc. Please note that if you want to apply data security you have to use Groovy Plain JDBC only.
If you click on configure icon, the data source configuration place holder will be opened
Provide the details in the configuration details as shown below :
Make sure that save the configuration code by clicking on“Apply”or (Ctrl+s)
Configuration code :
<driver>com.mysql.jdbc.Driver</driver> //driver
<url>jdbc:mysql://localhost:3306/SampleTravelData </url>//jdbc database url
<user>hiuser</user>//db username
<pass>hiuser</pass>//db password
<condition>
import net.sf.json.JSONObject;
public JSONObject evalCondition() {
JSONObject responseJson = new JSONObject();
responseJson.put("driver","com.mysql.jdbc.Driver");// driver name
responseJson.put("url","jdbc:mysql://192.168.2.51:3306/SampleTravelData"); //jdbc database url
responseJson.put("user","hiuser"); //db username
responseJson.put("password","hiuser"); //db password
return responseJson;
}
</condition>
Note :In the above configuration we are providing mySQL database details, make sure that the mySQL driver has been uploaded from the frontend ( or the relevant driver is present in the drivers folder at the backend.)
Refer to this link to understand How to Add a New Driver
-
- Query:
In the query section, we need to use the GroovyUsersSession class to get the organisation name of the user who is logging in.
In this code we will import GroovyUsersSession class. This class contains information of the current session, like, user name, organization name, role name, profile name etc. In order to apply organization level security, we should fetch the value of currently logged in organization value using this syntax:
GroovyUsersSession.getValue('${org}.name')
We are storing the value in a variable and passing that value in the report SQL to filter the data based on organization name. In the below code you can see that if the Orgname is NULL then we are passing no query in the where clause, whereas if the orgname exists then we are creating a where clause passing orgname into it and limiting the data.
Query in Editor Pane :
import com.helicalinsight.efw.utility.GroovyUsersSession; // we are importing the class : GroovyUsersSession ,it holds the information of currenlty logged in organization
public String evalCondition() {
String orgName = GroovyUsersSession.getValue('${org}.name'); // getting the value of currently logged in organization and stores in a variable
orgName = orgName.replaceAll("'","");
String responseJson;
String selectClause = "select client_name,meeting_date from meeting_details"; //report sql select clause
String orgName1=orgName;
if(orgName.equals("Null")){ // validating the condition
whereClause = "";
}
else {
whereClause = " where client_name in ('${orgName1}') "; // passing the currently logged in organization in the where clause
}
responseJson = selectClause+ "" +whereClause;
return responseJson;
}
Click on apply to save the query and run to see the output.
Report view test case 1 :
Report view when we logged in with USER : hiadmin , Organization : Null
Report view test case 2 :
We created a user bitach_user with Organization as Bitach
Report view when we logged in with USER : bitach_user , Organization : Bitach
Note that the user can view only the entries with client name as Bitach according to the condition that we specified in the SQL query for the report.
Note:Refresh the cache of the report in order to avoid cache data
Note :In order to view data when logged in as a user other than hiadmin, first share the report with that user or role or organization.
Also share the Groovy Data source with proper permissions. To view the Groovy datasource, go to “Advanced” section of the Datasources Page. Its always advisable to share the datasource in execute mode only with other users. Go through our blogs on sharing datasource as well as reports dashboards to learn more.
For further assistance, kindly contact us on support@helicalinsight.com or post your queries at Helical Forum
