The report developer uses a data model that contains data security rules in the same way as any other data model. Categories and columns with or without data security rules appear exactly the same in BIRT Designer Professional. Data security rules apply both to a data design data source accessing live data and to a data store data source that accesses cached data. If any data security rule assigned to data used in a report evaluates to false on a particular data row, the whole row is discarded and is not available for display.
To use data protected by data security rules, access the data directly from a data model. Using the data model or the data sets in the data object as data sets does not apply the data security rules.
A data security rule can be assigned to categories, columns, or a combination of both. A report using data protected by data security rules displays protected data as shown in Table 11‑1.
Table 11‑1 Effect of data security rule on data in report
Assignment of data security rule
Rule evaluates to
Result set data displayed in report
Category
True
Data set row
Category
False
No data set row containing any columns in the protected category
Column
True
Data set row
Column
False
No data set row containing the protected column
Any data set row containing only non-protected columns even if the data set contains columns from the same category as the protected columns
Comparing the design and deployment environments
BIRT Designer Professional checks data security rules only when explicitly viewing a report with data security. Choosing Run➛View Report runs the report without checking data security rules. The report appears in the viewer as though all security conditions are valid. Choosing Run➛View Report with Data Security provides an entry field in which the report developer types one or more sample security IDs. The report appears in the viewer, showing only the data for a user having those security IDs.
BIRT iHub always checks data security rules. To check data security rules on a data object in a volume, log in to the volume as a user having the security IDs to test. Then, run a report that uses the secured data or use Report Studio to design a new report using the secured data.
Comparing data security using live and cached data
A report design using a data design file as a data object data source accesses live data. A report design using a data file as a data object data source accesses cached data. A report document contains the data secured at generation time.
A data design file contains data security rules. A data file generated from a data design file contains the rules in the data design file at the time the data file was generated.
A report design using a data file uses the rules contained in that data file. If the data design developer updates the data security rules, the new rules do not take effect in the report design until the data file is regenerated.
Neither Report Studio nor Interactive Crosstabs support using a data design that uses data security. To use data security in Report Studio or on an Interactive Crosstab, use a data file instead. For more information about Interactive Crosstabs, see Using Information Console. For more information about Report Studio, see Using Report Studio.
