Wednesday, March 7, 2012

Quick custom security question

I am trying to implement some type of security based on the user, the
report, and what parameters the are supplying.
So lets say that I have a report called "Salary Report" that shows
employees salary and bonus data. The people who can run the report
with Department = 1 are not allowed to run the report as Department = 2.
Previously I believe the answer was to use the "UserId" in my reports,
which would be populated with the current users Username, but we
already have a very complex system for determining peoples rights to
different things on our intranet site.
People can delegate rights to others, people get rights based on their
project assignments, people get rights based on their position in the
company, people get rights based on who they report to, and who reports
to them, and on and on.
So all I need to know to validate is username (or userID), what report
they are running, and what parameters they are supplying.
Is there any way to do this?Would a query based parameter work for you where you use a stored procedure
to return a list of valid parameters that they can use for that report based
on who they are and what rights they have inherrited?
Steve MunLeeuw
"cmay" <cmay@.walshgroup.com> wrote in message
news:1161293948.030847.304270@.m73g2000cwd.googlegroups.com...
>I am trying to implement some type of security based on the user, the
> report, and what parameters the are supplying.
> So lets say that I have a report called "Salary Report" that shows
> employees salary and bonus data. The people who can run the report
> with Department = 1 are not allowed to run the report as Department => 2.
> Previously I believe the answer was to use the "UserId" in my reports,
> which would be populated with the current users Username, but we
> already have a very complex system for determining peoples rights to
> different things on our intranet site.
> People can delegate rights to others, people get rights based on their
> project assignments, people get rights based on their position in the
> company, people get rights based on who they report to, and who reports
> to them, and on and on.
> So all I need to know to validate is username (or userID), what report
> they are running, and what parameters they are supplying.
> Is there any way to do this?
>
Posted by fatiguelzxr at 8:02 PM
Labels: , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)