Rolesdefine sets of users who are all granted similar permissions. Roles are created by administrators, assigned to users, and then assigned permissions in the repository. By default, JasperReports Server includes the following roles; some are needed for system operation, some are included as part of the sample data:
|
Roles in Default JasperReports Server Installation |
|
|
Role |
Description |
|
ROLE_SUPERUSER |
This role determines system admin privileges, as explained in section Scope of Administrative Privileges. It is a system-level role, however the system admin may assign it to organization admins in single-organization deployments. |
|
ROLE_ADMINISTRATOR |
This role determines organization admin privileges, as explained in section Scope of Administrative Privileges. JasperReports Server automatically assigns this role to the default jasperadmin user in every new organization. It is a special system-level role that is visible in every organization and which organization admins may assign to other users. |
|
ROLE_USER |
Every user that logs into JasperReports Server must have this role. The server automatically assigns this role to every user that is created, and it cannot be removed. It is a special system-level role that is visible in every organization. |
|
ROLE_ANONYMOUS |
When anonymous access is enabled, JasperReports Server automatically assigns this role to any agent accessing the server without logging in. This role is also assigned to the default anonymous user. By default, anonymous access is disabled and this role isn’t used. It is a special system-level role that is visible in every organization. |
|
JasperReports Server assigns this role to users that are created automatically when a portal such as Liferay requests authentication for a connection. If the specified user name does not exist in the server, it is created, assigned the password of the user in the portal, and assigned the ROLE_PORTLET and ROLE_USER roles. |
|
|
This role grants access to the SuperMart demo Home page, reports, and if you implement Jaspersoft OLAP, analysis views. This role is assigned to the demo user in the default organization. These objects are available only if you installed the sample data when you installed JasperReports Server. It is a special system-level role that is visible in every organization. |
|
|
ROLE_SUPERMART_MANAGER |
This role is used to assign permissions relative to the sample data. It is a special system-level role that is visible in every organization. It demonstrates data security features available in Jaspersoft OLAP. See the Jaspersoft OLAP Ultimate Guide for more information. |
|
ROLE_ETL_ADMIN |
This role no longer governs any JasperReports Server permissions or functionality, unless it has been customized in your installation. Typically, it can be deleted safely. |
Except for the five special system-level roles visible in every organization, roles are defined in organizations. As with users, the same role ID can be defined in separate organizations, as long as it is unique within any given organization. Similarly, roles are visible only in the organizations that define them. Admins may see all roles within their organization and sub-organizations, but never any roles from a parent or sibling organization. Even if the admin of the parent organization has assigned the role to a user in a sub-organization, the admin of the sub-organization sees the user without the parent role. The interface for managing roles enforces this scoping, so that only valid roles may be assigned to any given user.
The interface for managing roles lets you create roles and assign each role to many users. If you want to assign several existing roles to a single user, see section Managing Users.
To create, modify, delete, or assign a role to users:
| 1. | Log in as an administrator. |
| 2. | Select Manage > Roles or click Roles on the Admin Home page. |
As shown in the following figure, the Manage Roles page displays the roles in the organizations over which you have administrative privileges. The organization to which your user belongs is selected at the root of the organizations hierarchy, and by default, the list of roles shows all roles in all sub-organizations. The five special system-level roles are also listed in every organization.
Roles are listed alphabetically, and multiple roles with the same name may appear. A tooltip shows the organization in which each role is defined, relative to your organization.
See "Manage Roles" shows the default roles in the default organization.
|
|
To narrow the list of roles or find a specific role, click an organization, enter a search string, or both.
The Roles panel shows all roles within the selected organization and its sub-organizations and whose name contains the search string. Scroll and page through the new list, or refine your search.
| 3. | Click a role in the Roles panel to see information about the role. |
The role details appear in the Properties panel, as in the figure.
The panel shows the role name, the organization where it is defined, and the list of users to whom the role has been assigned. Tooltips on the usernames help you distinguish among users with the same name.
|
|
Unless you are logged in as the system admin, you cannot edit or delete the five special system-level roles. Furthermore, when you view the details of the special system-level roles, you only see the users defined in your organization or any sub-organization to which this role has been assigned. For more information, see the table at the beginning of section Managing Roles. |
| 4. | To create a new role, select the organization to add the role to, then click Add Role. Admins can create a role in their own organization or sub-organization. |
The Add Role window appears.
Notice that the organization is selected in the Organizations panel, indicating that the role will be created in Organization, and that the Add Role button specifies the organization’s ID.
|
|
|
Add Role Window |
| 5. | Enter a name for the new role. The window warns you if the name you enter is not unique within the organization. Roles have no other properties or settings. |
|
|
|
Adding New Role |
| 6. | Click Add Role to organization_1 to create the role. |
The new role appears in the Roles panel (unless you used a search term that excludes it), the role is selected, and the role’s properties appear in the Properties panel. Note that no users have been assigned the role yet.
|
|
|
Properties of New Role |
To assign a role to a user:
| 1. | Find the role by searching or selecting an organization, click the role in the Roles panel, then click Edit in the Properties panel. |
The information in the Properties panel becomes editable.
|
|
|
Edit Role Properties |
In the panel, you can change the role name and add and remove users. Changing the name affects all users to which the role is assigned.
|
|
The role name associated with permissions in the repository is also updated. However, changing the name may compromise permissions defined in security files for Domains and analysis. For more information, see the JasperReports Server User Guide. |
| 2. | To add a user to a role, use the arrow buttons to move the role into the Users Assigned list. |
In See "Users Assigned to New Role", the users another and CaliforniaUser have been added.
|
|
To remove a user, move the user into the Users Available list.
The Users Assigned list displays the users currently assigned to the role. The Users Available list displays all unassigned users who are eligible for the role. The eligible users include any user in the organization and sub-organizations where the role is defined. This list may be quite long and include duplicate names. Use the search field to find specific user names, and use the tool tips to differentiate the users.
| 3. | When done modifying the role’s properties, click Save. |
|
|
|
Properties of New Role with Users Added |
To delete a role:
| 1. | Locate and select the role, then click Delete Role. |
When you confirm the deletion, the role is removed completely from JasperReports Server.
