This chapter explains how to use the Roles to control access to Data and override the General Settings.
- To add a new role select ‘Roles’ in the Main Menu then click the 'Add' button.
- To edit a role either double click it or select it and click the 'Edit' button.
- To delete a role select it and click the 'Delete' button.
Roles are created to specify how a user or group of users interfaces with Exago. Roles can restrict access to folders or Data Objects. Roles can also override the General Settings.
NOTE. Exago was designed to be an integrated reporting solution for other applications using the application’s own security and authentication methods. Although you can create Roles through the Administration Console, Roles are typically created through the API to dynamically set a user's access. For more information see the articles regarding Integration and API.
Roles have five sections to control access: Main, General, Folders, Objects, and Filters.
Controls the broad properties of the Role.
Overrides General Settings.
Controls which report folders a role can see and edit.
Controls which Data Objects a role can access.
Provides row level filters on Data Objects.
The main settings control the broad properties of the Role.
The Main role settings are:
A name for the role.
Check to activate the role.
Include All Folders
If checked, all folders that are not listed in Folder Access will be available. If unchecked, only those listed in Folder Access will be available.
All Folders Read Only
If checked, all folders that are not specified in Folder Access will be execute-only. If unchecked, only those specified in Folder Access will be execute-only.
Allow Folder Management
Displays/Hides the Folder Management Icon and functionality.
Include All Data Objects
If checked, all Data Objects that are not listed in Objects Access will be available. If unchecked, only those listed in Objects Access will be available.
The General Settings of a Role override the Global General Settings. Utilize the API in order to overwrite additional settings for a user or group of users. For more information see API.
The following settings can be overwritten:
The parent folder for all reports. The Report Path can be:
- Virtual Path
- Absolute Path: used to provide increased security (ex. C:\Reports)
- Web Service URL or .NET Assembly: using a Web Service or .NET Assembly allows reports and folders to be managed in a database. For more information see Report Folder Storage & Management.
- A Web Service should be formatted as ‘url=http://WebServiceUrl.asmx’. A .NET Assembly should be formatted as ‘assembly = AssemblyFullPath.dll;class-Namespace.ClassName’.
The format of date values. Can be any .NET standard (ex. MM/dd/yyyy). Leave blank to use the browser culture.
The format of time values. Can be any .NET standard (ex. h:mm:ss tt). Leave blank to use the browser culture.
Date Time Format
The format of date-time values. May be any .NET standard (ex. M/d/yy h:mm tt). Leave blank to use the browser culture.
NOTE. For more details on .NET Date, Time and DateTime Format Strings please see here.
Numeric Separator Symbol
Symbol used to separate 3 digit groups (ex. thousandths) in numeric values. The default is ‘,’.
Numeric Currency Symbol
Symbol prepended to numeric values to represent currency. The default is ‘$’.
Numeric Decimal Symbol
Symbol used for numeric decimal values. The default is ‘.’.
Server Time Zone Offset
Value that is used to convert server to client time (the negation is used to convert client to server time). Leave blank to use server time, or to use External Interface to calculate value.
Show HTML Export Grid Lines
Sets the default value for the HTML output option Show Grid. This can be modified in the Options Menu of the Report Designer.
Show Crosstab Reports
Displays/Hides the Crosstab Report Wizard and Insert Crosstab button in the Report Designer.
Show Express Reports
Displays/Hides the Express Report Wizard.
Show Styling Toolbar
Displays/Hides the styling tools in the Layout tab of the Express Report Wizard.
Displays/Hides the Theme drop-down in the Layout tab of the Express Report Wizard.
Displays/Hides the grouping tools in the Layout tab of the Express Report Wizard.
Show Formula Button
Displays/Hides the Formula Editor button in the Layout tab of the Express Report Wizard.
Show Advanced Reports
Displays/Hides the Advanced Report Wizard and Report Designer.
NOTE. If ‘Show Advanced Reports’ is False then attempts to edit Advanced or Crosstab reports will cause an ‘access denied’ message. Additionally if 'False', users will not be able to create Crosstab reports.
Maximum number of seconds for a single query to run.
Read Database for Filter Values
Enable/Disables filter drop-downs to contain values from the database. Set to 'False' only if retrieving values for the drop-down will take more than a couple of seconds.
Show Report Scheduling Option
Displays/Hides the scheduler icon on the Main Menu. Set to 'False' to disable users from creating scheduled reports.
Show Email Report Options
Displays/Hides the email report icon on the Main Menu. Set to 'False' to disable users from emailing reports.
Show Schedule Manager
Displays/Hides the scheduler manager icon on the Main Menu. Set to 'False' to disable users from editing existing schedules.
Scheduler Manager User View Level
Controls what information each user can see in the Schedule Manager. These levels utilize the Parameters companyId and userId. There are three possible values:
- Current User: Can only view and delete report jobs that have been created by that user.
- All Users in Current Company: User can only view and delete report schedules for their company.
- All Users in All Companies: User can view and delete report schedules for all companies (administrator).
Allow Creation of Custom SQL Objects in Advanced Reports
(v2018.1+) Allow this role to create and execute reports with report-level custom SQL objects.
The Folder Access controls which report folders are visible and executable for the Role.
NOTE. If Include All Folders is checked this list will deny access to the folders added. If unchecked, the list will allow access to the folders added.
- If All Folders Read Only is checked this list will overwrite the setting when a folder is added without the 'Read Only' option checked.
To add a folder click 'New'.
Click in the 'Folder Name' column and select the Folder you want to add.
To make the folder execute only check the box in the 'Read Only' column.
To delete a folder click the 'Delete' button.
The Objects Access controls which Data Objects are accessible to the Role. A report can only be executed if the Role has access to all the Data Objects on the report.
NOTE. If Include All Data Objects is checked this list will deny access to the Data Objects added. If unchecked the list will allow access to the Data Objects added.
To add a Data Object click 'New'.
Click in the 'Data Object Name' column and select the Object you want to add.
To delete an Object click the 'Delete' button.
Allow User to View Report-Level Custom SQL Objects
(v2018.1+) If Allow Creation of Custom SQL Objects in Advanced Reports is False, enable this setting to allow this role to run reports with report-level custom SQL objects. (Otherwise users will receive an "Access Denied" message when running such reports).
The Filter Access provides a means to filter a Data Object by Role.
To add a filter click 'New'.
Click in the 'Data Object Name' column and select the filter you want to add.
Enter the filter string in the Filter String Column. The filter string should be Standard SQL. This string will be added to the 'Where' clause.
To delete a filter click the 'Delete' button.