System Permissions Properties

Since version 10, i-net Clear Reports supports several authentication methods. The login type setting defines, how the user has to log into the system and where the permitted usernames are administrated.

The following types are available:

• Automatic
  This entry allows i-net Clear Reports to determine the available method automatically. The server tries to request the login in the following order: External Webserver (a Login URL must be set), Windows Authentication (if the server is running on a Windows operating system), Internal Webserver, Master Password.
• External Webserver
  With this setting, a Login URL to an external webserver can be defined. Users will then have to authenticate against this webserver. If no or no valid Login URL has been defined, a fallback to Master Password authentication is performed.
• Windows Authentication
  If the server runs on a Windows operating system, users will automatically be logged into the system with their Windows accounts. If the servers operating system is not Windows, a fallback to Master Password authentication is performed.
• Internal Webserver
  If i-net Clear Reports is installed and running in an application server, like Apache Tomcat, the authentication system provided by the application server is used. For e.g. Apache Tomcat the default user administration takes place in the tomcat-users.xml file. If there is no authentication system active in the application server, a fallback to Master Password authentication is performed.
• Master Password
  If no Login URL or application server with active authentication system is available, the user can log into the Remote-Interface using a password that is defined by the administrator. The password should have been defined during setup or has to be set with the first access to the Remote-Interface. Using Master Password authentication users will only have access to restricted modules and reports when they log into the Remote-Interface. A direct authentication for reports or interfaces is not possible.

Default value: automatic

If you use a frontend/backend architecture (e.g. Apache/Tomcat), you can use an optional script to use your login information of the frontend webserver. The URL must be accessible from the backend server. See the Security Guide for more information.

If you don't specify an URL, you can log into the Remote-Interface using the password that can be defined with the first access to this site. You will gain the unlimited rights of the system administrator.
Please note that you should define the password for the Remote-Interface right after the installation. Otherwise any unauthorized person can specify it and has access to the system.

Accepts all SSL certificates of the defined login script. This is necessary if you have entered a login URL at an HTTPS location that use a private certificate or a certificate for another host name.

Default value: false

Activates the guest account for the URL prefix "/public". This way, AdHoc Reporting and Repository etc. can be used without creating an account. The URL prefix must be inserted after the context of i-net Clear Reports, e.g.:

http://localhost:<port>/reporting/public/adhoc
instead of
http://localhost:<port>/reporting/adhoc

Default value: false

Defines the username of the guest account. The guest account has access to the modules that are administrated with the rights for user "*" or the entered guest username.

Hint: The change of the guest username will not alter the administrated rights of the previous name.

Default value: guest

This will activate the system permissions check, which means only the users or groups with the configured permissions will be able to access the different modules.

Default value: false

Editing System Permissions

To add a new user or role and define their permissions, just click on the "Add User" or "Add Role" button in the toolbar of the configuration area in the category: System Permissions. A new dialog will appear where you can enter the name of the user or role and the set the module permissions for this user or role. After clicking the OK button the user or role will be added to the permissions tree.
To edit a user or role just select its node (click on its name in the tree) and click the Edit button from the toolbar. The dialog will appear again, allowing you to edit the permissions. Press Ok to apply the changes you've made to the given user or role.
To delete a user or role select it in the tree and press the Delete button to remove it from the tree.
The tree has 2 view modes, which can be toggled by clicking the Change View button in the toolbar. The "normal" view mode is the user/role view where all permission holders are grouped by user or role category. The second view is the permission view, where the users and roles are grouped by the different types of permissions they hold.

Remote Modules

Currently the following permissions for the Remote-Interface are available:

• Ad Hoc Reporting: allows the user or role to access the Ad Hoc Reporting module.
• Configuration Manager: allows the user or role to access the remote Configuration Manager.
• Data Source Configuration: allows the user or role to access the remote Data Source Configuration Manager.
• Repository Browser: allows the user or role to access the remote Repository Browser.

Interfaces

Currently the following permissions for interfaces are available:

• Ad Hoc Service: allows the user or role to access the Ad Hoc Applet (Context /adhoc) and the Ad Hoc HTTP interface, which is required to connect a remote Report Wizard.
• Remote Designer incl. WebDAV: allows the user or role to access the Webdav interface (Context /repository) and the usage of the Remote Designer.
• Remote Data Sources: allows the user or role to retrieve the remote Data Sources of the server via the Remote Designer or the ad hoc feature.
• XML-RPC Interface: allows the user to make use of the XML-RPC interface. For an overview over which XML-RPC methods are offered, refer to the XML-RPC API page (Context /xmlrpc).