Managing Permissions
Permissions, associated with resources including folders, in the public folders in the server resource tree, are the rules that you can grant to users to control their access to resources. This topic describes the permissions that Logi Report Server reserves, and how to manage the permissions for the users, groups, and roles in the server security system.
This topic contains the following sections:
Permissions on Logi Report Server
The following table lists the permissions on Logi Report Server. By default, the system admin has all the permissions on the public folders in the server resource tree, while users that are not system admin only have the Visible and Read permissions on the public folders. An organization admin has all the server permissions on the organization folders.
Permission | Description |
---|---|
Visible | Allows or denies viewing object names in the resource tree or version table, such as folders, resources, and archive versions. |
Read | Allows or denies viewing object properties, versions, and, if it is a folder, folder contents. |
Write | Allows or denies publishing folders and resources, changing the properties (not including permission settings) of the objects in the resource tree or version table, such as folders, resources, and archive versions, and modifying version table settings. |
Execute | Allows or denies:
Running reports, dashboards, or analysis templates via URL is also under the permission control. |
Edit | Allows or denies:
Running reports or dashboards via URL is also under the permission control. |
Schedule | Allows or denies submitting resources to schedules (for report type resources only). |
Delete | Allows or denies deleting objects from the resource tree or version table, such as folders, resources, and archive versions. |
Grant | Allows or denies granting permissions to other users, groups, or roles. Only administrators can assign the Grant permission to other users, groups, or roles. Users, groups, or roles that have obtained the Grant permission are also endowed with the other permissions, and users can then grant these permissions except the Grant permission itself to other users in the same group. |
Update Status | Allows or denies updating report status, and if it is a folder, the status of reports in the folder. |
Editing Resource Permissions for Users, Groups, and Roles
Logi Report Server supports two ways to apply permissions to the set of users. One is the default way of setting permissions for users, groups, and roles. The other is role based definition, in which permissions are defined on roles only, and users and groups are mapped to roles. When Logi Report Server is performing runtime security checking for a given user, it will respect the permissions settings and follow the access control rules when processing the service requests.
Users who have the Grant permission on a resource can manage the permissions of other users, groups, or roles on the resource while publishing the resource to Logi Report Server, editing the resource properties, or when advanced running or scheduling a report to publish to the versioning system. See a sample UI below:
To edit the permissions of the users, groups, and roles on a resource:
- In the setting permission UI, select Enable Setting Permissions.
- Select the Role, User, or Group radio button.
- Select a role, user, or group in the Selected box, then select or clear the required permissions.
If a role, user, or group is not listed in the Selected box, select it in the Available box and select the Add button to add it to the Selected box first, then assign the permissions accordingly.
You can make use of the Search box to search for the required roles, users, and groups in the Available or Selected box: type the text of the principal names you want to search for and the principals containing the matched text will be listed. After typing text in the Search box, you can select that appears in the box to specify the following search options: Highlight All, Match Case, and Match Whole Word. To cancel the search operation, clear the text or select .
- To remove all the enabled permissions from a role, user, or group, first select it in the Selected table, then select . The role, user, or group will be added back to the Available box with no permissions.
To remove permissions for all roles, users, and groups on the resource, clear Enable Setting Permissions.
After you have set permissions for a parent folder, any new resources and subfolders created in that folder will inherit the same permissions. If you do not want them to inherit these permissions, you can enable their user permissions and set their permissions separately. Resources and folders will inherit permissions from their parent folder if their user permissions are not enabled.
- You may need more than one permission to complete a task. For example, you must have both the Visible and Read permissions to view the properties of a report.
- Some permissions depend on other permissions, such as Write, Execute, Edit, and Schedule. Allowing anyone of these will also allow the Read permission.