Restricting access to Actuate Java Components features using functionality levels

Actuate Java Components provides functionality levels that control which features are available to a user. By default, each user can access all of the functionality level features. To restrict access to features for user groups, the Actuate Java Components administrator can modify functionality levels and add additional levels by editing the configuration file. The standard location for the Actuate Java Components configuration file is <context root>\WEB-INF\functionality-level.config.

When configuring security roles, make sure that any roles specified in the configuration file also exist in the Encyclopedia volume. Because all users automatically belong to the All security role, all users receive the functionality associated with the Basic or the Open functionality level plus the functionality associated with any other roles they have. When restricting access to features, remove the feature from the Open functionality level or comment out the Open level completely and use the Basic functionality level. Understanding the provided functionality levels.

There are four default functionality levels provided in comments. When the comment tags are removed, the provided functionality levels give the following access.

Users with the Basic level can perform the following tasks:

Access Documents

Delete their own files.

Basic level users cannot perform any other modifications.

Users at the Intermediate level have all the Basic level access, and can also perform the following tasks:

Search documents.

Upload and download files.

Use the interactive viewer, if this option is licensed.

Users at the Advanced level have all the Intermediate level access, plus they can perform the following tasks:

Create and delete folders.

Share files and folders.

Users at the Administrator level can perform all Advanced level tasks.

Customizing functionality levels

Customize or add functionality levels by modifying or creating a level definition in functionality-level.config. A functionality level definition consists of five parts:

Level name

The level name must be a unique alphanumeric string, enclosed within <Name> and </Name> tags.

Matching security role

The name of the security role that corresponds to the functionality level. Both the security level and the functionality level must exist before the functionality level can be assigned to a user. Enclose the role name with <Role> and </Role> tags.

Available features

Table 4‑3 describes the available features.

Table 4‑3 Features for functionality levels
Feature	Description
Documents	Provides access to files and folders
Search	Provides access to the file search facility

Features are specified one per line and are enclosed within <FeatureID> and </FeatureID> tags. When a feature is omitted from a functionality level, the corresponding side menu or banner item is hidden to anyone assigned that functionality level. For example, the Search feature is not provided in the Basic functionality level, so the Search link does not appear for users with the Basic functionality level.

Available subfeatures

Subfeatures correspond to actions that you can perform through Actuate Java Components. Most subfeatures are associated with a feature. A subfeature cannot be included in a functionality level if its corresponding feature is not included. The subfeatures are described in Table 4‑4.

Table 4‑4 Subfeatures for functionality levels
Subfeature	Feature	Description
AddFile	Documents	Permits adding files when the user has the appropriate privileges
AdvancedData	NA	Permits the modifying and synchronizing of data sets in BIRT Studio
CreateFolder	Documents	Permits creating folders when the user has the appropriate privileges
DeleteFile	Documents	Permits deleting files when the user has the appropriate privileges
DeleteFolder	Documents	Permits deleting folders when the user has the appropriate privileges
DownloadFile	Documents	Permits downloading files when the user has the appropriate privileges
InteractiveViewing	NA	Permits opening Interactive Viewer
ShareFile	Documents	Permits sharing files when the user has the appropriate privileges

Subfeatures are specified one per line, enclosed within <SubfeatureID> and </SubfeatureID> tags.

The following code shows a sample functionality level entry:

<Level>

<Name>ViewAndSearch</Name>

<FeatureID>Documents</FeatureID>

<FeatureID>Search</FeatureID>

<SubfeatureID>ShareFile</SubfeatureID>

<SubfeatureID>DeleteFile</SubfeatureID>

</Level>

The level is named ViewAndSearch and is available to all security roles. Users with ViewAndSearch functionality can run jobs, access documents, and search for files. In addition, they can share and delete their own files.

Preserving functionality levels and features

The functionality-levels.config file is overwritten during upgrade installations. This change ensures that new levels, features, and subfeatures are available to you with your new Actuate Java Components installation. If you have modified your existing functionality-level.config file, make a backup of the changes before the upgrade. Use the backed-up file to access your changes and merge them into the new functionality-level.config file.