Focal Point
[CLOSED] Self Service application security

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/713108084

July 05, 2010, 07:35 AM
Majid Jeddi
[CLOSED] Self Service application security
Hi,

I have setup siteminder to do the authentication.
For MRE users the authorization part is driven by the authorization process in MRE using groups domains and so on.
But today i am facing a problem with all reports that are on the reporting server:
When a user has a URL, he just types in Iexplorer and he get the report after he gets autehnticated even if he does not have the rights to it.
My question then is :
How can limit the access to an application to only an authorized user or group of users.

Thanks a lot.

This message has been edited. Last edited by: Kerry,


WebFocus 7.6.5
AND WebLogic server as web server
sql2005 as database server
July 05, 2010, 10:53 AM
FrankDutch
Majid

This issue was subject in one of the sessions at the summit this year.
You have to setup some things at the application server, but this is not something to be easy explained via this medium
I would advice to contact the local support and they should be able to help you.




Frank
prod: WF 7.6.10 platform Windows,
databases: msSQL2000, msSQL2005, RMS, Oracle, Sybase,IE7
test: WF 7.6.10 on the same platform and databases,IE7

July 05, 2010, 05:39 PM
Waz
I think that you will have to keep track of the user and check each time they run a report.


Waz...

Prod:WebFOCUS 7.6.10/8.1.04Upgrade:WebFOCUS 8.2.07OS:LinuxOutputs:HTML, PDF, Excel, PPT
In Focus since 1984
Pity the lost knowledge of an old programmer!

July 06, 2010, 08:30 AM
AlexU
Depending on the number of users you might be able to handle it using DBA security. Clients I have dealt with have also created tables to manage users authorization much as MRE manages authentication and authorization. You'll either have to devise your own or contact IBI Professional Services and have someone come in to give you a hand.


WF 7703M, XP/Win7, MRE, RC, BID, PMF, HTML, PDF, Excel 2000/7/10
July 06, 2010, 10:22 AM
Majid Jeddi
Hi,

Thanks to all of you for your suggestion. I will try to contact the support.

Regards.


WebFocus 7.6.5
AND WebLogic server as web server
sql2005 as database server
July 06, 2010, 12:09 PM
dlogan
Reporting Server level authorization can be controlled using APP LOCK (TechMemo 4613).

It does this by locking down the APP PATH after all the server profiles have run.

e.g. You can setup the APP PATH using the Reporting Server Profile (edasprof.prf), group profiles (Depending on RS Security) and user profiles. Once the user profile runs, the APP PATH can no longer be changed.

As a result a user who does not have a certain folder in their APP PATH can not access any of the MAS or FEX within that folder.

In environments where people want the rules to be more complicated than simply Reporting Server, group, and user profiles, I've seen people write a "security fex", that sets the APP PATH based on a custom ruleset.

They then include this FEX in the edasprof.prf, or as part of the &_SITE_PROFILE passed from the WebFOCUS Client.

Thanks,
Doug Logan