Helical Insight

A Business Intelligence Framework
  • Differentiators
    • BI Framework
    • Canned Report
    • API Support
    • Workflow
    • Instant BI
  • Learn
    • Documentation Guide
    • Tutorial Videos
  • Demos
    • Industry specific demo
    • Job functions specific demo
    • Miscellaneous Use Cases
  • Clients
  • Forum
  • Contact Us
  • Free Download
Introducing World's First
Business Intelligence (BI)
Framework
Read more
Helical Insight Community Edition
Open Source
Github
Open Source With Lowest
Total Cost Of Ownership
And High ROI
Make Quick Informed
Decisions From Your
Complex Multiple
Data Sources
Various Data Visualization Options Like Reports, Dashboard, Geographical
Analytics, Statistical & Scientific Charts etc.

Implementing Data Security In Canned Reports Based On Logged In Organization

Introduction:In this blog we are going to explain how to implement data security based on the logged-in organization. We have created sample tabular report having the data of client wise meeting date.

In this example covered below, we want to filter the data based on the organization that the user belongs to. Organization for default super admin and default super user is“Null”. While creating a user if no organization is assigned to that user then that organization organization is “Null”. Whenever user logs in using default credentials, data of all the organizations is displayed. In case if the logged in user has organization other than“Null”, he will see data of particular logged in organization only.

Please make sure you have gone through the blog“Introduction to Canned Reporting Interface ”. Also please note that organization (multi-tenancy) is only available in enterprise edition and not community edition.

Steps to implement Data Security

    1. Change the setting.xml file:

Open the setting.xml file present in location /hi/hi-repository/System/Admin/ folder.

Search for <HCRDefaultGeneratorType> tag. By default, this is set to “regular”. Change this setting to bean-datasource. Save the setting.xml file. Once done restart the server.

    1. Create a Datasource Connection :

On the datasources page, create a datasource connection with type Groovy Plan Jdbc. Please note that if you want to apply data security you have to use Groovy Plain JDBC only.

If you click on configure icon, the data source configuration place holder will be opened

Provide the details in the configuration details as shown below :

Make sure that save the configuration code by clicking on“Apply”or (Ctrl+s)

Configuration code :

<driver>com.mysql.jdbc.Driver</driver> //driver
<url>jdbc:mysql://localhost:3306/SampleTravelData </url>//jdbc database url
<user>hiuser</user>//db username
<pass>hiuser</pass>//db password

<condition>
    import net.sf.json.JSONObject;
				public JSONObject evalCondition() {
					JSONObject responseJson = new JSONObject();
					 responseJson.put("driver","com.mysql.jdbc.Driver");// driver name
					 responseJson.put("url","jdbc:mysql://192.168.2.51:3306/SampleTravelData"); //jdbc database url
					 responseJson.put("user","hiuser"); //db username
					 responseJson.put("password","hiuser"); //db password
					return responseJson;
				}
				</condition>

Note :In the above configuration we are providing mySQL database details, make sure that the mySQL driver has been uploaded from the frontend ( or the relevant driver is present in the drivers folder at the backend.)

Refer to this link to understand How to Add a New Driver

    1. Query:

In the query section, we need to use the GroovyUsersSession class to get the organisation name of the user who is logging in.

In this code we will import GroovyUsersSession class. This class contains information of the current session, like, user name, organization name, role name, profile name etc. In order to apply organization level security, we should fetch the value of currently logged in organization value using this syntax:

 GroovyUsersSession.getValue('${org}.name')

We are storing the value in a variable and passing that value in the report SQL to filter the data based on organization name. In the below code you can see that if the Orgname is NULL then we are passing no query in the where clause, whereas if the orgname exists then we are creating a where clause passing orgname into it and limiting the data.

Query in Editor Pane :

import com.helicalinsight.efw.utility.GroovyUsersSession; // we are importing the class : GroovyUsersSession ,it holds the information of currenlty logged in organization
public String evalCondition() {

String orgName = GroovyUsersSession.getValue('${org}.name'); // getting the value of currently logged in organization and stores in a variable
orgName = orgName.replaceAll("'","");

String responseJson;

String selectClause = "select client_name,meeting_date from meeting_details"; //report sql select clause 

String orgName1=orgName;

if(orgName.equals("Null")){  // validating the condition

whereClause = "";

}

else {
whereClause = " where client_name in ('${orgName1}') "; // passing the currently logged in organization in the where clause
}
responseJson = selectClause+ "" +whereClause;

return responseJson;
}

Click on apply to save the query and run to see the output.

Report view test case 1 :

Report view when we logged in with USER : hiadmin , Organization : Null

Report view test case 2 :

 

 

We created a user bitach_user with Organization as Bitach

Report view when we logged in with USER : bitach_user , Organization : Bitach

 

 

 

Note that the user can view only the entries with client name as Bitach according to the condition that we specified in the SQL query for the report.

Note:Refresh the cache of the report in order to avoid cache data

Note :In order to view data when logged in as a user other than hiadmin, first share the report with that user or role or organization.

Also share the Groovy Data source with proper permissions. To view the Groovy datasource, go to “Advanced” section of the Datasources Page. Its always advisable to share the datasource in execute mode only with other users. Go through our blogs on sharing datasource as well as reports dashboards to learn more.

For further assistance, kindly contact us on support@helicalinsight.com or post your queries at Helical Forum

canned reports, data security, helical insight, open source

Share with

  • Facebook
  • Twitter
  • LinkedIn
Creating Canned Reports with ALL as default value in Input Parameters
Implementing Data Security In Canned Reports Based On Logged In User

Written by Shailaja Ramchander

Shailaja

Related Posts

  • Usage of Field Calculations
  • Connecting Helical Insight to ElasticSearch
  • Helical Canned Reports: When to Use
  • Implementing Data Security In Canned Reports Based On Logged In User’s Profile Name and Profile Values
  • Home
  • Career
  • Downloads
  • Blog
  • Enterprise Edition
  • Community Edition
  • Learn
  • Video Guides
  • Documentation
  • Press Release

Demos

  • Industry specific demo
  • Job functions specific demo
  • Miscellaneous Use Cases
  • Partners
  • Channel Partners
  • Solution Partners
  • OEM Partners
  • Facebook
  • Twitter
  • Youtube
  • LinkedIn

WordPress Lightbox

Contact Us

✓ Valid Invalid number

Register

✓ Valid Invalid number
Refresh