Restricting access to Actuate Visualization Platform client features using functionality levels
Actuate Visualization Platform client provides functionality levels that control which features are available to a user. By default, each user can access all of the functionality level features. To restrict access to features for user groups, the Actuate Visualization Platform client administrator can modify functionality levels and add additional levels by editing the configuration file. The standard location for the Actuate Visualization Platform client configuration file is <context root>\WEB-INF\functionality-level.config.
When configuring security roles, make sure that any roles specified in the configuration file also exist in the volume. Because all users automatically belong to the All security role, all users receive the functionality associated with the Basic or the Open functionality level plus the functionality associated with any other roles they have. When restricting access to features, remove the feature from the Open functionality level or comment out the Open level completely and use the Basic functionality level. Understanding the provided functionality levels.
There are four default functionality levels provided in comments. When the comment tags are removed, the provided functionality levels give the following access.
Users with the Basic level can perform the following tasks:
*Access Documents and Job history
*Delete their own files.
Basic level users cannot perform any other modifications.
Users at the Intermediate level have all the Basic level access, and can also perform the following tasks:
*Search documents.
*Create their own job notifications with attachments.
*Upload and download files.
*Use the interactive viewer, if this option is licensed.
Users at the Advanced level have all the Intermediate level access, plus they can perform the following tasks:
*Create and delete folders.
*Share files and folders.
*Set job priority.
Users at the Administrator level can perform all Advanced level tasks.
Use Actuate iHub Visualization Platform client configuration to associate the levels with users in the volume by assigning the appropriate roles to each user.
Customizing functionality levels
Customize or add functionality levels by modifying or creating a level definition in functionality-level.config. A functionality level definition consists of five parts:
*Level name
The level name must be a unique alphanumeric string, enclosed within <Name> and </Name> tags.
*Matching security role
The name of the security role that corresponds to the functionality level. Both the security level and the functionality level must exist before the functionality level can be assigned to a user. Enclose the role name with <Role> and </Role> tags.
*Available features
Table 2‑8 describes the five available features.
Table 2‑8 Features for functionality levels 
Feature
Description
Documents
Provides access to files and folders
Jobs
Allows submitting and accessing jobs
Mobile
Provides access to BIRT mobile viewing
Search
Provides access to the file search facility
Features are specified one per line and are enclosed within <FeatureID> and </FeatureID> tags. When a feature is omitted from a functionality level, the corresponding side menu or banner item is hidden to anyone assigned that functionality level. For example, the Search feature is not provided in the Basic functionality level, so the Search link does not appear for users with the Basic functionality level.
*Available subfeatures
Subfeatures correspond to actions that you can perform through Actuate Visualization Platform client. Most subfeatures are associated with a feature. A subfeature cannot be included in a functionality level if its corresponding feature is not included. The subfeatures are described in Table 2‑9.
Table 2‑9 Subfeatures for functionality levels 
Subfeature
Feature
Description
AddFile
Documents
Permits adding files when the user has the appropriate privileges
AdvancedData
NA
Permits the modifying and synchronizing of data sets in BIRT Studio
CreateFolder
Documents
Permits creating folders when the user has the appropriate privileges
Dashboard
BusinessUser
NA
Permits use of dashboards
Dashboard
Developer
NA
Permits design and administration of dashboards
DeleteFile
Documents
Permits deleting files when the user has the appropriate privileges
DeleteFolder
Documents
Permits deleting folders when the user has the appropriate privileges
DownloadFile
Documents
Permits downloading files when the user has the appropriate privileges
InteractiveViewing
NA
Permits opening Interactive Viewer
JobPriority
Jobs
Permits setting job priority, up to the user’s maximum job priority
SelfNotificationWithAttachment
Jobs
Activates e-mail notification for successful jobs
ShareDashboard
NA
Permits sharing dashboards when the user has the appropriate privileges
ShareFile
Documents
Permits sharing files when the user has the appropriate privileges
Subfeatures are specified one per line, enclosed within <SubfeatureID> and </SubfeatureID> tags.
The following code shows a sample functionality level entry:
<Level>
<Name>ViewAndSearch</Name>
<Role>All</Role>
<FeatureID>Jobs</FeatureID>
<FeatureID>Documents</FeatureID>
<FeatureID>Search</FeatureID>
<SubfeatureID>ShareFile</SubfeatureID>
<SubfeatureID>DeleteFile</SubfeatureID>
</Level>
The level is named ViewAndSearch and is available to all security roles. Users with ViewAndSearch functionality can run jobs, access documents, and search for files. In addition, they can share and delete their own files.
Preserving functionality levels and features
The functionality-levels.config file is overwritten during upgrade installations. This change ensures that new levels, features, and subfeatures are available to you with your new Actuate Visualization Platform client installation. If you have modified your existing functionality-level.config file, make a backup of the changes before the upgrade. Use the backed-up file to access your changes and merge them into the new functionality-level.config file.