I. Overview
1) Fine-grained permission control means control of visible contents in corresponding templates, and controllable contents include cell contents, widgets, rows and columns, toolbars, sheets and charts, among others.
2) FineReport offers two ways of fine-grained permission control: one is fully visible permission edition, and the other is to control view permissions according to the in-built parameters available in FineReport.
II. Visible permission edition pane
Open the designer, click [Template] > [Permission Edition] to enter the permission edition interface. You may choose a role from the lower-left role pane and set permissions in the permission setting pane for contents such as cells, widgets, toolbars and sheets in the permission edition pane, as shown below:
Note
FineReport only supports fine-grained permission control for toolbars, widgets, cells, floating elements, rows and columns, and multiple sheets for the time being.
III. Control permissions via parameters
After a user logs in through the decision-making platform, the values of three default parameters ($fine_username, $fine_role and $fine_position) will be temporarily stored in the system while after the user logs out, these values will be destroyed. (These values are recorded by Session)
Meanwhile, the system provides two in-built functions, namely GETUSERDEPARTMENTS() and GETUSERJOBTITLES(), used respectively to fetch departments and positions of roles.
A template can directly use the three default parameters and the two in-built functions. Filtering by these parameters and functions in a template allow different users to see different report contents.
| Type | Form when called | Remarks |
|---|---|---|
| Parameter | $fine_username | It is used to match a user’s username. For instance, the permissions of user Anna can be controlled through the judgment condition $fine_username="Anna". |
| $fine_role | It is used to match a user’s role. To control administrator permissions, use the judgment condition: $fine_role="superusers" To control a role’s permissions, e.g., a user whose role is [Data architect], use the judgment condition: $fine_role="Data architect". If a user has more than one role, e.g., Anna acts concurrently as role A and B, after the permissions of role A are restricted, Anna can still access contents that cannot be viewed by role A as Anna also acts as role B. | |
| $fine_position | It is used to match a user’s department and position. The return value is composed of department and position, and in JSON format. For instance, to control the permissions of the HR manager, use the judgment condition: $fine_position={"departments":"Human Resource","jobTitle":"Manager"} | |
| Function | GETUSERDEPARTMENTS() | It is used to return a user’s department. For instance, if the HR manager logs in to the system, then the return value of GETUSERDEPARTMENTS() is "Human Resource". If the department of a user has different levels, then the function can return the department name of the specified level. Suppose there are three levels, then GETUSERDEPARTMENTS(3,2) returns department names at the third and second levels of the department, and the type of return value is array. If there are two levels at most, then it only returns the department name at the second level. |
| GETUSERJOBTITLES() | It returns a user’s position. For instance, if the HR manager logs in to the system, then the return value of GETUSERJOBTITLES() is "Manager". |
IV. Directly control permissions through dataset parameters
1. Prepare a template
1) Create a new DB Query dataset ds1:
SELECT T1.Region,T1.Salesperson,T1.Product_types,T1.Product,T1.Sales_Volume
FROM Sales_Volume T1 LEFT JOIN userinfo T2
ON T1.Salesperson = T2.information_fullname
WHERE T2.information_username='${fine_username}'
2) Design the template as follows:
2. Mount the template to the platform
The administrator mounts the designed template to the decision-making platform.
3. Assign permissions to view the template
The administrator assigns the permissions to view the template to user Han Wen.
4. View the effect
When Han Wen logs in to the decision-making platform and accesses the template, the template automatically filters information on Han Wen, as shown below:
V. Control permissions through the parameter pane
1. Prepare a template
1) Create a new DB Query ds1:
SELECT T1.Region,T1.Salesperson,T1.Product_types,T1.Product,T1.Sales_Volume
FROM Sales_Volume T1 LEFT JOIN userinfo T2
ON T1.Salesperson = T2.information_fullname
WHERE T2.information_username='${fine_username}'
2) Design the template as follows:
2. Add widgets
Add a drop-down box widget and a Query button in the parameter pane. Select the drop-down box widget, set the widget name as fine_username and set data dictionary, as shown below:
3. View the effect
Click Pagination Preview and you may filter data through the drop-down box, as shown below:
VI. Control permissions through conditional formatting
1. Prepare a template
1) Create a new DB Query ds1:
SELECTT1.Region,T1.Salesperson,T1.Product_types,T1.Product,T1.Sales_Volume
FROM Sales_Volume T1 LEFT JOIN userinfo T2
ON T1.Salesperson = T2.information_fullname
WHERE T2.information_username='${fine_username}'
2) Design the template as follows:
2. Add conditional formatting
If the role of Han Wen is Data architect and Han Wen is expected to be unable to view the column [Sales_Volume] when logging in to the platform and accessing the template, then select cell E2 and add conditional formatting. Select [Column Width] and add the formula condition $fine_role='Data architect', as shown below:
If a user has more than one role, it is recommended to modify the formula condition to find('Data architect',$fine_role)>0.
3. Mount the template to the platform
The administrator mounts the designed template to the decision-making platform.
4. Assign permissions to view the template
The administrator assigns the permissions to view the template to Han Wen.
5. View the effect
When Han Wen logs in to the decision-making platform and accesses the template, the effect is shown below, with sales data not displayed:
6. Modify formula condition
If the department and position of Han Wen are Sales Department and Sales, to control permissions through department and position, you may modify the formula in conditional formatting to
If Han Wen is a department and position user, whose department is Sales Department and positions is Sales, then GETUSERDEPARTMENTS()='Sales department' and GETUSERJOBTITLES()='Sales', as shown below: