Overview
Version
| Report Server Version | Functional Change |
|---|---|
11.0 | / |
11.0.31 | Added the parameter $fine_role_id to prevent invalid permission configuration caused by role renaming. |
Function Description
Fine-grained permission control refers to permission control of fine-grained aspects within a template, such as cell data, widgets, hidden rows/columns, toolbars, sheets, and charts.
Assume that you want to display operable items for different roles/users logging in to the system. For example, different buttons are shown on the toolbar, different cells are displayed during template preview, different editing permissions are assigned for certain widgets during data entry, and different data records are provided during data access.
Fine-Grained Permission
FineReport provides two different ways to control permissions with fine granularity. One is the fully-visual permission editing, and the other is the permission control based on the condition attributes configured by FineReport's built-in parameters.
Permission Editing
Open the designer, open the template for which permission control needs to be configured, and choose Template > Enter Permission Edit to enter the permission editing page, as shown in the following figure.
Open the designer, click a role on the role panel, and set permissions on the permission setting panel for items such as cells, widgets, toolbars, and sheets on the permission editing panel, as shown in the following figure.
Note:1. The roles listed on the role panel are automatically loaded from the roles in the decision-making system. You need to re-configure permissions for roles renamed.
2. Currently, FineReport only supports fine-grained permission control of template toolbars, widgets, cells, floating elements, rows/columns, and multiple sheets.
Parameter Permission Control
After user authentication, the default parameters fixed in the report, $fine_username, $fine_role, $fine_position, and $fine_role_id, will be saved in the session.
Functions GETUSERDEPARTMENTS() and GETUSERJOBTITLES() are also provided to get departments and positions respectively.
In the same report environment, the corresponding values can be directly obtained by parameters in the template and then filtered and judged in the template to display different data and styles.
The following table lists parameters and functions related to fine-grained permission control.
| Parameter | Description | Example |
|---|---|---|
$fine_username | This parameter is used to get the name of the user logging in to the system. | For example, if the login username is Anna, $fine_username returns Anna. |
$fine_role | This parameter is used to get the role logging in to the system. | (1) If the logged-in user is a super administrator, $fine_role returns superusers. (2) If the logged-in user is of a custom role (for example, data architect), $fine_role returns data architect. (3) If the logged-in user has no role, the parameter value is empty. (4) If the logged-in user is of multiple custom roles, $fine_role_id returns role 1,role 2. |
$fine_role_id | This parameter is used to get the ID of the role logging in to the system. | (1) If the logged-in user is a super administrator, $fine_role_id returns super-user-custom-role. (2) If the logged-in user is of a custom role (for example, data architect whose ID is 7b37b885-190d-4db0-b3d3-bf2d15285447), $fine_role_id returns 7b37b885-190d-4db0-b3d3-bf2d15285447. (3 If the logged-in user has no role, the parameter value is empty. (4) If the logged-in user is of multiple custom roles, $fine_role_id returns ID of role 1,ID of role 2. |
$fine_position | This parameter is used to get departments and positions. The returned value is an array composed of a department and position. | (1) If the logged-in user is the HR director (HR-Director), $fine_position returns {"departments":"HR","jobTitle":"Director"}. (2) If the logged-in user is both the HR director (HR-Director) and the president of the leadership department (Leadership Department-President), $fine_position returns {"departments":"HR","jobTitle":"Director"},{"departments":"Leadership Department","jobTitle":"President"}. (3) If the logged-in user has no department and position, the parameter value is empty. |
GETUSERDEPARTMENTS() | This parameter is used to get the department within the department-position. If the department has multiple levels, all levels are returned. If multiple departments exist, all departments are returned. | (1) If the logged-in user is the HR director (HR-Director), GETUSERDEPARTMENTS() returns HR. (2) If the logged-in user is the team leader of the eastern sales department (Sales Department-Eastern Sales Department-Team Leader), GETUSERDEPARTMENTS() returns Sales Department,Eastern Sales Department. (3) If the logged-in user is both the HR director (HR-Director) and the president of the leadership department (Leadership Department-President), GETUSERDEPARTMENTS() returns HR,Leadership Department. (3) If the logged-in user has no department, the parameter value is empty. |
GETUSERDEPARTMENTS(X) | This parameter is used to get the No.X department within the department-position. If the No.X department does not exist, an empty value is returned. | (1) If the logged-in user is the leader of team 1 in the eastern sales department (Sales Department-Eastern Sales Department-Eastern Sales Team 1-Team Leader), GETUSERDEPARTMENTS(3) returns Eastern Sales Team 1, and GETUSERDEPARTMENTS(3,2) returns Eastern Sales Team 1,Eastern Sales Department. (2) If the logged-in user is the team leader of the eastern sales department (Sales Department-Eastern Sales Department-Team Leader), GETUSERDEPARTMENTS(3) returns an empty value, and GETUSERDEPARTMENTS(3,2) returns Eastern Sales Department. |
GETUSERJOBTITLES() | This parameter is used to get the position within the department-position. If multiple positions exist, all positions are returned. | (1) If the logged-in user is the HR director (HR-Director), GETUSERJOBTITLES() returns Director. (2) If the logged-in user is both the HR director (HR-Director) and the president of the leadership department (Leadership Department-President), GETUSERJOBTITLES() returns Director,President. (3) If the logged-in user has no position, the parameter value is empty. |
Note:1. $fine_username, $fine_role, $fine_position, and $fine_role_id are default parameters in FineReport. Therefore, these parameters are case-sensitive when being invoked.
2. Simulation calculations are not supported.
For details about parameter permission control, see Fine-Grained Permission Control by Parameter.
Notes
Problem: If dataset synchronization is enabled during fine-grained permission control, the departments Technical supportChief dispatcher and Technical supportFirst-line technical support from the built-in dataset appear in the configured roles during permission editing in the designer, but do not appear in the departments of the synchronized dataset. And the roles and departments related to Technical support cannot be found on the user page of the decision-making system.
Cause: These two roles are used in the reporting process of the product's built-in demo. Therefore, these two roles are displayed by default in the configured roles, which, however, does not affect normal use.
Solution: In the FineReport designer, choose Server > Server Configuration, and deselect Use Toolbar on the Pagination Preview Setting, Data Entry Setting, and Data Analysis Setting pages.
The following figure shows specific steps.
Through the above steps, the default template toolbars on the server are cleared.
To achieve fine-grained toolbar control for a single template, you can open the template, choose Template > Web Attribute on the menu bar, select Set for This Template Separately, and add the tools required for the template. The following figure shows specific steps.
Previous:Remote Design FAQ
