This chapter explains how to use the Roles to control access to Data and override the General Settings.
Roles are created to specify how a user or group of users interfaces with Exago. Roles can restrict access to folders or Data Objects. Roles can also override the General Settings.
NOTE. Exago was designed to be an integrated reporting solution for other applications using the application’s own security and authentication methods. Although you can create Roles through the Administration Console, Roles are typically created through the API to dynamically set a user's access. For more information see the articles regarding Integration and API.
Roles have five sections to control access: Main, General, Folders, Objects, and Filters.
Controls the broad properties of the Role.
Overrides General Settings.
Controls which report folders a role can see and edit.
Controls which Data Objects a role can access.
Provides row level filters on Data Objects.
The main settings control the broad properties of the Role.
The Main role settings are:
A name for the role.
Check to activate the role.
If checked, all folders that are not listed in Folder Access will be available. If unchecked, only those listed in Folder Access will be available.
If checked, all folders that are not specified in Folder Access will be execute-only. If unchecked, only those specified in Folder Access will be execute-only.
Displays/Hides the Folder Management Icon and functionality.
If checked, all Data Objects that are not listed in Objects Access will be available. If unchecked, only those listed in Objects Access will be available.
The General Settings of a Role override the Global General Settings. Utilize the API in order to overwrite additional settings for a user or group of users. For more information see API.
The following settings can be overwritten:
The parent folder for all reports. The Report Path can be:
The format of date values. Can be any .NET standard (ex. MM/dd/yyyy). Leave blank to use the browser culture.
The format of time values. Can be any .NET standard (ex. h:mm:ss tt). Leave blank to use the browser culture.
The format of date-time values. May be any .NET standard (ex. M/d/yy h:mm tt). Leave blank to use the browser culture.
NOTE. For more details on .NET Date, Time and DateTime Format Strings please see here.
Symbol used to separate 3 digit groups (ex. thousandths) in numeric values. The default is ‘,’.
Symbol prepended to numeric values to represent currency. The default is ‘$’.
Symbol used for numeric decimal values. The default is ‘.’.
Value that is used to convert server to client time (the negation is used to convert client to server time). Leave blank to use server time, or to use External Interface to calculate value.
Sets the default value for the HTML output option Show Grid. This can be modified in the Options Menu of the Report Designer.
Displays/Hides the Crosstab Report Wizard and Insert Crosstab button in the Report Designer.
Displays/Hides the Express Report Wizard.
Displays/Hides the styling tools in the Layout tab of the Express Report Wizard.
Displays/Hides the Theme drop-down in the Layout tab of the Express Report Wizard.
Displays/Hides the grouping tools in the Layout tab of the Express Report Wizard.
Displays/Hides the Formula Editor button in the Layout tab of the Express Report Wizard.
Displays/Hides the Advanced Report Wizard and Report Designer.
NOTE. If ‘Show Advanced Reports’ is False then attempts to edit Advanced or Crosstab reports will cause an ‘access denied’ message. Additionally if 'False', users will not be able to create Crosstab reports.
Maximum number of seconds for a single query to run.
Enable/Disables filter drop-downs to contain values from the database. Set to 'False' only if retrieving values for the drop-down will take more than a couple of seconds.
Displays/Hides the scheduler icon on the Main Menu. Set to 'False' to disable users from creating scheduled reports.
Displays/Hides the email report icon on the Main Menu. Set to 'False' to disable users from emailing reports.
Displays/Hides the scheduler manager icon on the Main Menu. Set to 'False' to disable users from editing existing schedules.
Controls what information each user can see in the Schedule Manager. These levels utilize the Parameters companyId and userId. There are three possible values:
The Folder Access controls which report folders are visible and executable for the Role.
NOTE. If Include All Folders is checked this list will deny access to the folders added. If unchecked, the list will allow access to the folders added.
- If All Folders Read Only is checked this list will overwrite the setting when a folder is added without the 'Read Only' option checked.
To add a folder click 'New'.
Click in the 'Folder Name' column and select the Folder you want to add.
To make the folder execute only check the box in the 'Read Only' column.
To delete a folder click the 'Delete' button.
The Objects Access controls which Data Objects are accessible to the Role. A report can only be executed if the Role has access to all the Data Objects on the report.
NOTE. If Include All Data Objects is checked this list will deny access to the Data Objects added. If unchecked the list will allow access to the Data Objects added.
To add a Data Object click 'New'.
Click in the 'Data Object Name' column and select the Object you want to add.
To delete an Object click the 'Delete' button.
The Filter Access provides a means to filter a Data Object by Role.
To add a Data Object click 'New'.
Click in the 'Data Object Name' column and select the Object you want to add.
Enter the filter string in the Filter String Column. The filter string should be Standard SQL. This string will be added to the 'Where' clause.
To delete a Data Object click the 'Delete' button.