Lesson 6: Security
Logi Report Server provides a security system that protects the resources on the server from inappropriate access by users. In addition to controlling resource-level access, the security system can control access to certain fields or certain information based on the user's role or group level information.
As an alternative to the built-in security system, an LDAP Server can be used for Logi Report Security. Logi Report provides interfaces to synchronize with a variety of LDAP servers as well as directly authenticate to an LDAP directory. Conversely, a Security token can be passed to Logi Report for authentication. Logi Report provides an interface for authentication.
This lesson contains the following tasks:
- Task 1: Create a New User
- Task 2: Enable Auditing for the User
- Task 3: Assign Permissions to the User, Group, or Role
To use Logi Report Server, you must have a user account, which consists of a unique user name and a password. Logi Report Server verifies your identity when you type your user name and your password and then log on. If your user account has been disabled or deleted, Logi Report Server prevents you from accessing the web services that Logi Report Server provides, in order to ensure that only valid users can access the resources that they have permission to see.
Logi Report Server comes with two built-in user accounts, which are admin and guest. The built-in user accounts cannot be deleted. The admin user account can neither be deleted nor disabled.
To create a user account:
- In the Logi Report Server console, point to Administration on the system toolbar, and then select Security > User from the drop-down menu.
- In the User page, select the New User link.
- Complete the New User dialog box with any user information you would like to use and select OK to create the user.
Although it doesn't matter for this lesson, the Publish privilege is an important aspect of user definition. Users can either be granted or denied the ability to publish resources to Logi Report Server based on the checkbox.
- The newly-created user is listed in the user table.
Users can be grouped. Often a set of users require the same security privileges. That is, everyone in the Sales organization can view the Sales reports. By creating a named group, you can efficiently manage the security of a set of users. This saves a lot of time when setting permissions. By setting permissions to the Sales group you don't need to change anything as users are deleted and added into the sales organization. Roles are very similar to groups, you can assign users to groups and assign groups to roles then apply permission just to the roles.
You can also assign roles to users. Roles help you efficiently manage the user rights and permissions that are required to perform operations on resources. Assigning one or more roles to users gives the users all of the user rights and permissions the roles have to perform their jobs with. A role can also be assigned to other groups or roles, and hence the groups or roles will inherit the resource and folder permissions that the roles have. Logi Report Server comes with two built-in roles, which are administrators and everyone. The built-in roles cannot be deleted.
For a user that is not an administrator, you can add more scheduling recipients to the user according to his permission, so that the user will be able to send scheduled report results via emails to the email addresses of the recipients conveniently.
Logi Report Server can record user access and management information in the log files by auditing the user.
To audit the user:
- In the User page, locate the user you want to audit from the user table, then select the corresponding Auditing link in the Control column.
- In the Auditing dialog box, select the OK button to accept the supplied defaults.
Events are recorded in the log file.
Permissions, associated with resources and folders which locate in the public folders, are the rules that are granted to users, groups, and roles to control their access to resources and folders. The permissions include: Visible, Read, Write, Execute, Edit, Schedule, Delete, Grant, and Update Status.
After you set permissions on a parent folder, new resources and sub folders created in the folder inherit these permissions. If you do not want them to inherit permissions, you can also set their permissions separately.
To set, view, change, or remove resource permissions:
- In the Resources page of the server console, browser to the resource on which you want to set permissions.
- Put the mouse pointer over the resource row, then select the Properties button on the floating toolbar.
- In the Properties dialog box, switch to the Permission tab, select Enable Setting Permissions, then select the role/user/group in the Selected box and select or clear the required permissions. If the role/user/group is not listed in the Selected box, select the corresponding radio button below the Available box, add the role/user/group to the Selected box and then assign the permissions accordingly.
To remove resource/folder permissions for all users, groups and roles, clear the Enable Setting Permissions option.
- Select OK to confirm the settings.