Reporting Server/Domains Translation and Security
Contents |
An important feature of Openbravo data handling is that a user can only see data related to the organizations for which he/she is authorized. This is called organizational filtering.
The same organizational filtering is also supported in our reports server. This document describes how to add and enable the correct logic.
The organizational filtering is included in the Jasper domain definition. Another functional topic solved in this part of the solution is translation with a label property file.
Single sign on and organizational filtering
The Openbravo backoffice automatically creates a user in the reports server when a user navigates from the Openbravo backoffice to the reports server or when a report is shown directly in the Openbravo backoffice. When a user accesses the reports server navigating from the Openbravo backoffice the system will automatically create and/or update the user in the reports server. An important user attribute which is set in the reports server user profile is the list of readable organizations as it is set in Openbravo for that user at that point in time. This user attribute is updated at every automatic login from Openbravo to the reports server.
The important thing is that you can make use of this user attribute in input control and domain security files.
Domain Security File
The readable organization user attribute can be used in the definition of a domain security file for your domain. Most of the time a domain definition will contain a join with the obrtmd_org (organization) table. The following domain security file can be added to your domain to support organizational filtering.
<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted"> <resourceAccessGrants> <!-- Row level security --> <!-- What access do roles/users have to the rows in the resource? --> <resourceAccessGrantList id="Dataset_List" label="ListLabel" resourceId="Dataset"> <resourceAccessGrants> <!-- Row level for Organizations --> <resourceAccessGrant id="Dataset_row_access_grant_20"> <principalExpression>attributesService.getAttribute('readableOrgs', null, false) != null </principalExpression> <filterExpression>testProfileAttribute(obrtmd_org.obrtmd_org_id,'readableOrgs') </filterExpression> </resourceAccessGrant> </resourceAccessGrants> </resourceAccessGrantList> </resourceAccessGrants> </securityDefinition>
Note: as long as your domain has a obrtmd_org table the above security file will work. Jasper will automatically create the necessary joins within the adhoc-view.
Translation of Domains
The tables and columns labels of a domain can be localized so that a user logging in with a specific locale will see the column and table names in his/her language. Translation is done through a property file (per language) which is uploaded in the repository and linked to a domain. See the jasper documentation here for more information.
A label property file must use the ISO-8859 encoding and has this format:
DATASET.LABEL=Dataset DATASET.DESCR= DATASET.OBRTS_OL_SALES_BASE_MV.LABEL=Sales Base MV DATASET.OBRTS_OL_SALES_BASE_MV.DESCR= DATASET.OBRTS_OL_SALES_BASE_MV.BPARTNERCATEGORY.LABEL=Business Partner Category DATASET.OBRTS_OL_SALES_BASE_MV.BPARTNERCATEGORY.DESCR= DATASET.OBRTS_OL_SALES_BASE_MV.BUSINESSPARTNER.LABEL=Business Partner DATASET.OBRTS_OL_SALES_BASE_MV.BUSINESSPARTNER.DESCR= DATASET.OBRTS_OL_SALES_BASE_MV.CHANNELNAME.LABEL=Channel DATASET.OBRTS_OL_SALES_BASE_MV.CHANNELNAME.DESCR= DATASET.OBRTS_OL_SALES_BASE_MV.CITYNAME.LABEL=City DATASET.OBRTS_OL_SALES_BASE_MV.CITYNAME.DESCR= DATASET.OBRTS_OL_SALES_BASE_MV.COUNTRYCODE.LABEL=Country Code DATASET.OBRTS_OL_SALES_BASE_MV.COUNTRYCODE.DESCR=
Normally only the LABEL properties are translated. You can generate a property file from the domain. When adding new labels to the property file check the order, they should be specified in the same order as what gets generated by Jasper. If not then it is possible that your label will not be recognized.
Location of labels and domain security file
The translation property file and the domain security file should be placed in the Resources folder of your module folder.