This article explains how to use the Roles to control access to data and override the General Settings.
The Role that is currently active will be highlighted under the Roles menu of the Admin Console.
User is the currently active Role
Roles are created to specify how a user or group of users interfaces with Exago. Roles can restrict access to folders or data objects. Roles can also override the General Settings.
Note: Exago was designed to be an integrated reporting solution for other applications using the application’s own security and authentication methods. Although you can create Roles through the Admin Console, Roles are typically created through the API to dynamically set a user's access. For more information see the articles regarding Integration and API.
Roles have five sections to control access: Main, General, Folders, Objects, and Filters.
The Main settings control the broad properties of the Role.
A name for the role.
Check to activate the role.
Note: As of v2019.1+, roles are activated via the Active Role setting in the Main Settings of Admin Console.
If checked, all folders that are not listed in Folder Access will be available. If unchecked, only those listed in Folder Access will be available.
If checked, all folders that are not specified in Folder Access will be execute-only. If unchecked, only those specified in Folder Access will be execute-only.
Displays/Hides the Folder Management icon and functionality.
If checked, all Data Objects that are not listed in Objects Access will be available. If unchecked, only those listed in Objects Access will be available.
The General settings of a Role override the global General Settings. Utilize the API in order to overwrite additional settings for a user or group of users.
The following settings can be overwritten:
The parent folder for all reports. The Report Path can be:
The format of date values. Can be any .NET standard (ex. MM/dd/yyyy). If left blank, this setting will inherit the environmental settings.
The format of time values. Can be any .NET standard (ex. h:mm:ss tt). If left blank, this setting will inherit the environmental settings.
The format of date-time values. May be any .NET standard (ex. M/d/yy h:mm tt). If left blank, this setting will inherit the environmental settings.
Note: For more details on .NET Date, Time and DateTime Format Strings please reference the Microsoft document here.
Symbol used to separate 3 digit groups (ex. thousandths) in numeric values. The default is ‘,’.
Symbol prepended to numeric values to represent currency. The default is ‘$’.
Symbol used for numeric decimal values. The default is a period (.).
Value that is used to convert server to client time (the negation is used to convert client to server time). If left blank, this setting will use server time or an External Interface to calculate value.
Default geopolitical location of the client as determined by the IANA time zone database (e.g., America/New_York). Utilized by Exago to properly combat scheduling issues centering around DST and other non-linear time zone conflicts. An External Interface may also be used to calculate time zone values.
Sets the default value for the HTML output option Show Grid. This can be modified in the Options Menu of the Report Designer.
Displays/Hides the Crosstab Report Wizard and Insert Crosstab button in the Report Designer.
Displays/Hides the Express Report Wizard.
Displays/Hides the styling tools in the Layout tab of the Express Report Wizard.
Displays/Hides the Theme drop-down in the Layout tab of the Express Report Wizard.
Displays/Hides the grouping tools in the Layout tab of the Express Report Wizard.
Displays/Hides the Formula Editor button in the Layout tab of the Express Report Wizard.
Displays/Hides the Advanced Report Wizard and Report Designer.
Note: If ‘Show Advanced Reports’ is False then attempts to edit Advanced or Crosstab reports will cause an ‘access denied’ message. Additionally if 'False', users will not be able to create Crosstab reports.
Maximum number of seconds for a single query to run.
Enable/Disables filter drop-downs to contain values from the database. Set to 'False' only if retrieving values for the drop-down will take more than a couple of seconds.
Displays/Hides the scheduler icon on the Main Menu. Set to 'False' to disable users from creating scheduled reports.
Displays/Hides the email report icon on the Main Menu. Set to 'False' to disable users from emailing reports.
Displays/Hides the scheduler manager icon on the Main Menu. Set to 'False' to disable users from editing existing schedules.
Controls what information each user can see in the Schedule Manager. These levels utilize the Parameters companyId and userId. There are three possible values:
Allow this role to create and execute reports with report-level custom SQL objects.
The Folder Access controls which report folders are visible and executable for the Role.
Note: If Include All Folders is checked this list will deny access to the folders added. If unchecked, the list will allow access to the folders added. If All Folders Read Only is checked this list will overwrite the setting when a folder is added without the 'Read Only' option checked.
To add a folder click the Add button.
Click in the Folder Name column and select the folder you want to add.
To make the folder execute only check the box in the Read Only column.
To delete a folder click the Delete button.
The Objects Access controls which data objects are accessible to the Role. A report can only be executed if the Role has access to all the data Objects on the report.
Note: If Include All Data Objects is checked this list will deny access to the data objects added. If unchecked the list will allow access to the data objects added.
To add a data object click the Add button.
Click in the Data Object Name column and select the object you want to add.
To delete an object click the Delete button.
If Allow Creation of Custom SQL Objects in Advanced Reports is False, enable this setting to allow this role to run reports with report-level custom SQL objects. (Otherwise users will receive an "Access Denied" message when running such reports).
The Filter Access provides a means to filter a Data Object by Role.
To add a filter click the Add button.
Click in the Data Object Name column and select the filter you want to add.
Enter the filter string in the Filter String column. The filter string should be Standard SQL. This string will be added to the 'WHERE' clause.
To delete a filter click the Delete button.