Five Stars

TDQ - Role based report access

I have a requirement for a role based access to the reports in the talend data mart. The requirement states that the visibility to reports saved in the data mart should be controlled based on the business group that the logged in TDQ user belongs to.

 

Note that the business group is not among the fields being analyzed in the Talend Profiling perpective, but the reports (one per business group) are filtered by the business group.

Data Filter in profiling analysis.PNG

In the TDQ portal I can

  1. Create one role per business group
  2. Create document template for each role and control access to the document

The "Data Filter" column in the data mart Analysis table has the filter expression such as "business_group = '12345'".

 

Can the data in the document be filtered using this field?

 

Is there a better approach towards satisfying this requirement?

  • Data Quality
1 ACCEPTED SOLUTION

Accepted Solutions
Five Stars

Re: TDQ - Role based report access

msjian, Thanks for your reply and suggestions!

 

I will try this out.

 

I figured out an alternate solution to the problem. Instead of creating a duplicate of the document   "CL01_column_basic", I added new “ANALYTICAL DRIVER USE MODE DETAILS” for each business unit. This solutions works fine since the association of the sub-report with the original document,  "CL01_column_basic",  is already setup correctly.

 

The new “ANALYTICAL DRIVER USE MODE DETAILS” for each business unit were defined with a) right roles association and b) the right selection of the LOV .

 

The LOVs for each business unit were created by duplicating the LOV that was associated with the "UUID REPORT_ANA BASI" (the ANALYTICAL DRIVER USE MODE that was already defined in TDQ portal) and modifying the SQL to add the right filter criteria.

4 REPLIES
Employee

Re: TDQ - Role based report access

Given that you are able to store the business group information in the datamart with the where clause, I think you could try to use this business group information in the list of values that let the user selects visible reports:

https://help.talend.com/reader/hAtXOOO5XruHpJ3b4mOhpQ/EQADyiYazyz1_STUDS0c_A

 

hope this helps.

Five Stars

Re: TDQ - Role based report access

Thanks!

 

I did some digging around and figured this out. I am able to get a filtered list for the various business groups.

 

However, when I chose an analysis and execute it I get the following error message....

 

An error occurred while executing report. Check log file for more information

The error seems to be with the permissions on sub report s01_column_subreport. Here's the error log....

 

 

21 Jun 2017 17:41:50,524 ERROR it.eng.spagobi.utilities.engines.AbstractEngineStartServlet.handleException:64 - Service execution failed
it.eng.spagobi.utilities.engines.SpagoBIEngineException: An error occurred while executing report. Check log file for more information
        at it.eng.spagobi.engines.jasperreport.services.JasperReportEngineStartAction.doService(JasperReportEngineStartAction.java:106)
        at it.eng.spagobi.utilities.engines.AbstractEngineStartServlet.doService(AbstractEngineStartServlet.java:47)
        at it.eng.spagobi.utilities.service.AbstractBaseServlet.service(AbstractBaseServlet.java:48)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at it.eng.spagobi.utilities.filters.SpagoBIAccessFilter.doFilter(SpagoBIAccessFilter.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at it.eng.spagobi.utilities.filters.EncodingFilter.doFilter(EncodingFilter.java:42)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) 

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
        at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: it.eng.spagobi.engines.jasperreport.JasperReportEngineRuntimeException: Impossible to run report
        at it.eng.spagobi.engines.jasperreport.JasperReportEngineInstance.runReport(JasperReportEngineInstance.java:118)
        at it.eng.spagobi.engines.jasperreport.services.JasperReportEngineStartAction.doService(JasperReportEngineStartAction.java:96)
        ... 31 more
Caused by: it.eng.spagobi.engines.jasperreport.JasperReportEngineRuntimeException: Impossible to run report
        at it.eng.spagobi.engines.jasperreport.JasperReportEngineInstance.runReport(JasperReportEngineInstance.java:251)
        at it.eng.spagobi.engines.jasperreport.JasperReportEngineInstance.runReport(JasperReportEngineInstance.java:116)
        ... 32 more
Caused by: net.sf.jasperreports.engine.JRException: Could not load object from location : s01_column_subreport.jasper
        at net.sf.jasperreports.engine.util.JRLoader.loadObjectFromLocation(JRLoader.java:262)
        at net.sf.jasperreports.engine.fill.JRFillSubreport.evaluateReport(JRFillSubreport.java:301)
        at net.sf.jasperreports.engine.fill.JRFillSubreport.evaluateSubreport(JRFillSubreport.java:327)
        at net.sf.jasperreports.engine.fill.JRFillSubreport.evaluate(JRFillSubreport.java:263)
        at net.sf.jasperreports.engine.fill.JRFillElementContainer.evaluate(JRFillElementContainer.java:258)
        at net.sf.jasperreports.engine.fill.JRFillBand.evaluate(JRFillBand.java:499)
        at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillColumnBand(JRVerticalFiller.java:2036)
        at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillGroupHeader(JRVerticalFiller.java:621)
        at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillGroupHeaders(JRVerticalFiller.java:543)
        at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReportStart(JRVerticalFiller.java:268)
        at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReport(JRVerticalFiller.java:128)
        at net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:946)
        at net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:845)
        at net.sf.jasperreports.engine.fill.JRFiller.fillReport(JRFiller.java:58)
        at net.sf.jasperreports.engine.JasperFillManager.fillReport(JasperFillManager.java:417)
        at it.eng.spagobi.engines.jasperreport.JasperReportEngineInstance.runReport(JasperReportEngineInstance.java:215)

 

 

 

The roles that I created have the Execution permission on the Subreports folder (in the functionalities management)

Subreports folder permissions.PNG

 

And here is the screen shot of the Documents Browser - subreports folder. The subreport exists there.

 

Documents Browser - Subreports.PNG

Employee

Re: TDQ - Role based report access

hi  balramvv from the above error, it is clear that the report document you run can not find the sub report s01_column_subreport. for our provided report documents(under tdq_reports->column, we have CL01_column_basic and CL02_column_evolution), they depend on the sub report s01_column_subreport(you can see the details page of them, click the right top "Links" icon button to see). I am not sure whether you have created a new your own report document except the our provided, if that you need to add Link to the subreport(you can see the details page of them, click the right top "Links" icon button to add). else  you have done "The roles that I created have the Execution permission on the Subreports folder (in the functionalities management)", do you do the same for the  tdq_reports->column folder or you own created folder? hope this can help you. thanks Jian
Five Stars

Re: TDQ - Role based report access

msjian, Thanks for your reply and suggestions!

 

I will try this out.

 

I figured out an alternate solution to the problem. Instead of creating a duplicate of the document   "CL01_column_basic", I added new “ANALYTICAL DRIVER USE MODE DETAILS” for each business unit. This solutions works fine since the association of the sub-report with the original document,  "CL01_column_basic",  is already setup correctly.

 

The new “ANALYTICAL DRIVER USE MODE DETAILS” for each business unit were defined with a) right roles association and b) the right selection of the LOV .

 

The LOVs for each business unit were created by duplicating the LOV that was associated with the "UUID REPORT_ANA BASI" (the ANALYTICAL DRIVER USE MODE that was already defined in TDQ portal) and modifying the SQL to add the right filter criteria.