BIRT: WORKITEM SNAPSHOT doesn't keep the permissions of RTC.
Hello,
I'm writing a BIRT report using in the datasource the WORKITEM SNAPSHOT, a Data Warehouse Snapshot Schemas, to query WI from all my project areas. However we realized that I can see all WI from all Project areas although I haven't got permission to access some of them (no member and Access control=members of the project area hierarchy). How can I keep the security of RTC?
Thanks a lot,
Almudena
5 answers
Almudena, not everyone should have the permission to deploy report templates to the server. But the ones that do should be carefull an avoid fetching data across project areas. To do this, you should always pass one of the following variables to the PROJECT_AREA_NAME or PROJECT_AREA_ITEMID parametrer: {Current Project Area) or {My Project Areas}
To add to what Rafik has mentioned:
- '{Current Project Area}' - When passed as a PROJECT_AREA_NAME or PROJECT_AREA_UUID, the data set will expand this value to match the current project area implied by the context. For instance, launching a report in RTC always occurs in the context of a project-based Web UI, or in the context of a project area in the rich client, so in those cases {Current Project Area} will be replaced with that project. Always a single value.
- '{Current Contributor}' - When passed to a contributor field, the data set will expand this value to match the contributor who is making the request to render the report. Always a single value.
- '{My Team Areas}' - When passed as a TEAM_AREA_NAME or TEAM_AREA_UUID, the data set will expand this value to the list of team areas of which the current contributor is a member. Multi-valued.
- '{Current Iteration}' - When passed as an iteration (or interval), the data set will expand this value to the list of iterations which are "current" in the current project area. A project may have multiple current iterations, one for each development line. Multi-valued.
- '{Top Level Work Item Types}' - When passed as a work item type, will expand to the id of one or more work item types which are configured as "top-level" work item types in this project area. (For example, stories in a Scrum project area).
- '{Complexity Attribute}' - When passed as a work item attribute, will expand to the id of the work item attribute which is configured to contain the "complexity" metric in this project area. (For example, the id of the story points attribute in a Scrum project area).
Rafik, Vinay
Thanks a lot for your answer.
I agree not everyone should have permission to deploy report template, but the issue is that when I am developing a new report, before publishing in the server, If I am are using BIRT and connect to the repository using the WORKITEM SNAPSHOT, I can get all WI of every project area(PA). Although I specified and tested the connection with a specific project area. If I build a query to get all WI, I can see WI from PA for which I am not a member. Do you know how I can solve this?
Thanks a lot for your answer.
Almudena, to answer question:
1) In the data set, add the PROJECT_AREA_NAME column as a parameter.
2) In the Parameters section, double click on the row for PROJECT_AREA_NAME and provide '{Current Project Area}' as the Default Value.
By doing this you filter data only to the project area in which the report is currently deployed.