Overview of Organizations

The architecture of JasperReports Server supports organizations, which are logical entities within JasperReports Server that have their own users, roles, and branch of the repository. Organizations may have sub-organizations to mimic any business structure or hierarchy.

The structure of the repository is determined by the organizations in your deployment. In the default installation, there is a single organization that mimics the simple structure in older versions of JasperReports Server. If you want to deploy multiple organizations, there are many design considerations you must be aware of.

Single Default Organization

After a default installation, JasperReports Server contains a single organization in which you can deploy your reports. For example, if you install the sample data, you see a single organization that holds all sample resources, users, and roles.

Single organizations are designed to handle most business cases and are straightforward to administer. Even in a single organization, there is a system admin and an organization admin that share administrative duties. If the needs of your business call for more organizations, you will have to manage several levels of administrators and possibly create shared resources in the repository. The following sections provide use cases and explain the functioning of multiple levels of administrators.

Multiple Organizations

There are many usage scenarios for defining multiple organizations in JasperReports Server. For instance:

•    An application provider, such as a software-as-a-service (SaaS) company or a computer department, has a hosted application being offered to many customers. It integrates JasperReports Server in its application in order to offer dashboards, reports, and analysis. There are a number of common reports and data sources that are useful across customers, but there are customer specific reports, as well. Machines and databases are shared by customers, according to the provider’s own architecture, but within the functionality provided by JasperReports Server, each customer is a separate organization. Customers can manage their own users in the hosted application, and JasperReports Server maps the application’s authentication scheme to the correct organization. The organization mechanism provides the full power of JasperReports Server to each of the provider’s customers, while ensuring that their data and reports are secure.

•    A company has many departments but wants to consolidate the BI environment so that all departments are sharing a common BI infrastructure. Corporate IT only needs to deploy and maintain a single instance of JasperReports Server, and each department is represented by an organization that manages its own users. For security and simplicity, the departments do not share databases, except in the case of sub-departments, such as Accounts Payable being a sub-department of Finance. Users access JasperReports Server directly, logging in with their department name and user name. Within a department, organization administrators have defined the data sources and Domains specific to the needs of their department’s users.

The organization feature is flexible enough to accommodate any combination of these scenarios and many like it. In all cases, administrators can configure secure environments for any number of organizations, and end-users experience a powerful BI platform that is tailored to their needs.

Each organization or hierarchy of organizations co-exists independently in the same instance of JasperReports Server, which isolates neighboring organizations from each other but allows parent organizations to have full control over their sub-organizations. Users may only access data and resources in their organization or a sub-organization, and administrators may define roles and set permissions to further restrict access.

Delegated Administration

There are essentially three levels of administration:

•    The system administrator – Also called system admin. The ID of the system admin is superuser. He exists outside all the firm’s organizations, manages the JasperReports Server installation, creates top-level organizations, and manages server-wide settings. The system admin can create, modify, and delete users, roles, and repository objects of any organization.

•    The administrator of a top-level organization – Also called organization admin. The organization admin manages all users, roles, and repository objects in an entire organization, including any sub-organizations. The default login name of the organization admin is jasperadmin.

•    The administrator of a sub-organization – Functionally equivalent to an organization admin, but due to the hierarchy of organizations, manages a limited set of user, roles, and repository objects and may be overridden by a top-level organization admin.

Each organization has an administrator who can manage users, roles, and repository permissions in that organization. The administration of organizations is hierarchical, meaning that the administrator can also manage all users and roles in sub-organizations of any level.

When there are sub-organizations, the administrator of the parent organization can either manage their users and roles, or delegate those tasks to an administrator in each sub-organization. The administrator of a sub-organization is limited to accessing resources and managing users and roles in the sub-organization, thereby maintaining the security of the parent organization and any of the parent’s other sub-organizations.