Introduction: In this blog we are going to explain how to implement data security based on the logged-in organization. We have created a sample tabular report containing client-wise meeting dates.
In this example, we want to filter the data based on the organization that the user belongs to. The organization for the default super admin and default super user is “Null”. Whenever a user logs in using the default credentials, the data of all organizations is displayed. If the logged-in user has an organization other than “Null”, they will see only the data of that organization.
Please make sure you have gone through the blog “Introduction to Community Reporting Interface ”. Also please note that organization (multi-tenancy) is only available in enterprise edition and not community edition.
Steps to implement Data Security
- Data Source
- Dashboard Layout
- Parameter
- Report
Create data source connection.
The connection is created with default name “connection1”.
We can rename the parameter using the pencil icon.
We should select the connection type: Groovy Plain JDBC
Please note that if you want to apply data security you have to use Groovy Plain JDBC only.
If you click on the configure icon, the data source configuration placeholder will open.
The Layout will appear as shown below :
Provide the details in the configuration as shown below:
Make sure that you save the configuration code by clicking on “Apply” or pressing Ctrl+S.
Configuration code :
```
<driver>com.mysql.jdbc.Driver</driver> //driver
<url>jdbc:mysql://localhost:3306/SampleTravelData</url> //jdbc database url
<user>hiuser</user> //db username
<pass>hiuser</pass> //db password
<condition>
import net.sf.json.JSONObject;

public JSONObject evalCondition() {
    JSONObject responseJson = new JSONObject();
    responseJson.put("driver","com.mysql.jdbc.Driver"); // driver name
    responseJson.put("url","jdbc:mysql://192.168.2.51:3306/SampleTravelData"); // jdbc database url
    responseJson.put("user","hiuser"); // db username
    responseJson.put("password","hiuser"); // db password
    return responseJson;
}
</condition>
```
Note: In the above configuration we are providing MySQL database details. Make sure that the MySQL driver has been uploaded from the frontend, or that the relevant driver is present in the drivers folder at the backend.
Refer to this link to understand How to Add a New Driver
In the dashboard layout we basically specify the layout of the report, dashboards, input parameters which we are creating. All the divs are specified here within which they get rendered.
We are creating div with name : emp_details
When you click on dashboard layout a layout similar to below will appear:
In the above screen shot we find two options (left side) HTML and CSS. If you click on HTML/CSS the place holder for respective component will be displayed and highlighted in the Dashboard layout panel.
We can place the code related to HTML, CSS for dashboard layout and styling.
Dashboard layout:
HTML Code:
```html
<script type="text/javascript" charset="utf8" src="https://cdn.datatables.net/1.10.19/js/jquery.dataTables.js"></script>
<div class="col-sm-12 col-md-12 col-xs-12" id="emp_details"></div>
```
CSS:
In the CSS placeholder we can add the CSS related to tabular customization as well as report customization like background color, report border, border radius, color etc.
In this report we are not creating parameters. You can skip this section.
Note: Since we are not creating parameters, we should include the below lines of code in the report configuration.
```javascript
var dashboard = Dashboard;
Dashboard.resetAll();
```
You can configure different visualizations to render in different divs in the dashboard layout.
When you click on add report button, the layout will appear as shown below :
Update the default configuration code as per your requirements. We have updated the configuration; see the screenshot below.
By default the report is created with the name “report1”.
Here we have renamed it to “Tabular” and selected “Table” as the chart type.
Report Configuration :
```javascript
var dashboard = Dashboard;
Dashboard.resetAll();
var Table = {
    name: "Table",
    type: "chart",
    listeners: [],
    requestParameters: {},
    vf: {
        id: 1,
        file: "__efwvf_name__"
    },
    htmlElementId: "#emp_details",
    executeAtStart: true
};
```
In the SQL section : choose the connection as “connection1”(As earlier created in the data source section)
Select SQL type as “sql.groovy”
SQL Code functionality :
In this code we import the GroovyUsersSession class. This class contains information about the current session, such as user name, organization name, role name, profile name etc. In order to apply organization-level security, we fetch the name of the currently logged-in organization using this syntax:
GroovyUsersSession.getValue('${org}.name')
We store the value in a variable and pass it into the report SQL to filter the data based on organization.
Place holder SQL :
```groovy
// GroovyUsersSession holds the information of the currently logged in organization
import com.helicalinsight.efw.utility.GroovyUsersSession;

public String evalCondition() {
    // get the value of the currently logged in organization and store it in a variable
    String orgName = GroovyUsersSession.getValue('${org}.name');
    orgName = orgName.replaceAll("'","");
    String responseJson;
    String whereClause; // declared here; the original assigned it without a declaration
    String selectClause = "select client_name,meeting_date from meeting_details"; // report sql select clause
    String orgName1 = orgName;
    if (orgName.equals("Null")) { // validating the condition
        whereClause = "";
    } else {
        // passing the currently logged in organization in the where clause
        whereClause = " where client_name in ('${orgName1}') ";
    }
    responseJson = selectClause + "" + whereClause;
    return responseJson;
}
```
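Because evalCondition() returns the finished SQL as a single string, the organization value should be validated before it is concatenated, and a missing or malformed value should yield no rows rather than all rows. The following is an added example, not code from the original post or from Helical Insight: the class `OrgFilter`, its `buildSql` method and the allowed character set are assumptions, and the `rawOrg` argument stands in for the value returned by `GroovyUsersSession.getValue('${org}.name')`.

```groovy
import java.util.regex.Pattern

// Added example (hypothetical helper, not part of Helical Insight).
class OrgFilter {
    // Assumption: organization names contain only letters, digits,
    // space, underscore and hyphen, and are at most 64 characters long.
    static final Pattern ORG_NAME = Pattern.compile('[A-Za-z0-9 _-]{1,64}')
    static final String SELECT = 'select client_name,meeting_date from meeting_details'
    // Predicate that matches nothing: used whenever the tenant is unknown.
    static final String NO_ROWS = ' where 1 = 0'

    static String buildSql(String rawOrg) {
        // Fail closed: no session value must never mean "all organizations".
        if (rawOrg == null) {
            return SELECT + NO_ROWS
        }
        // Same step as the page's code: drop the single quotes around the value.
        String org = rawOrg.replaceAll("'", '').trim()
        // Page behaviour kept: "Null" is the default super admin / super user.
        if (org == 'Null') {
            return SELECT
        }
        // Anything outside the allow-list is rejected, not cleaned up.
        if (!ORG_NAME.matcher(org).matches()) {
            return SELECT + NO_ROWS
        }
        return SELECT + " where client_name in ('" + org + "')"
    }
}

// Constructed sample values mirroring the two organizations used on this page.
assert OrgFilter.buildSql("'Null'") == OrgFilter.SELECT
assert OrgFilter.buildSql("'Bitach'") ==
        OrgFilter.SELECT + " where client_name in ('Bitach')"
// Missing, empty or malformed values return the no-rows query.
assert OrgFilter.buildSql(null).endsWith('where 1 = 0')
assert OrgFilter.buildSql("''").endsWith('where 1 = 0')
assert OrgFilter.buildSql('Bi/tach*').endsWith('where 1 = 0')
```

Inside the report's sql.groovy, evalCondition() would pass the session value to `buildSql` and return its result.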
Visualization :
In the visualization section, we mention the column names that need to be displayed. In this case, we are displaying the client name and meeting date.
<Dimensions>client_name,meeting_date</Dimensions>
Note: After placing the Configuration, SQL and Visualization, click on Apply (or Ctrl+S).
After completing all the steps save the report by clicking on the Save icon on the top pane.
At the back end, in hi-repository, the following files get created:
- Efw (Report View file which can also be accessed from the file browser from the frontend)
- Efwce (Report edit file which can also be accessed from the file browser from the frontend, this file can be used to edit the EFWCE report being created)
- Efwvf :: This file contains the information about the visualization being used.
- Html :: This file contains HTML layout, CSS, parameters divs etc.
- Efwd :: This file has got all the datasource related details
In the front end file browser we can see the below file types:
When we double click on the report view file (with the extension efw) report opens like below. The other file with the extension EFWCE can be used to edit the created report/dashboard again.
Report view test case 1 :
Report view when we logged in with USER : hiadmin , Organization : Null
Report view test case 2 :
We created a user bitach_user with Organization as Bitach
Report view when we logged in with USER : bitach_user , Organization : Bitach
Note that the user can view only the entries with client name as Bitach according to the condition that we specified in the SQL query for the report.
Note: Refresh the cache of the report in order to avoid seeing cached data.
Note : In order to view data when logged in as a user other than hiadmin, first share the report and Groovy Data source with proper permissions with that user or role or organization.
For more details on EFWCE reporting, refer to the documentation:
Introduction to Community Reporting Interface
For further assistance, kindly contact us on support@helicalinsight.com or post your queries at Helical Insight Forum