Dotnet Report supports saving Reports by different users or roles, so that they can create their own set of Reports or Dashboards, or Admins can determine which reports a user can access, manage or run.
Setting up Authorization
Since Dotnet Report’s Controller is added directly in your Application’s code base on installation, it uses your application’s Authentication/Authorization infrastructure as well.
In order to enable Admin Users or Dev Team to manage access to reports or dashboards, you can display a list of available users and user roles in the front end. To do this, you can fetch a list of users from your user directory or database and populate the list in the front end. This will allow authorized users to easily select and manage access to reports or dashboards for specific users. By implementing this feature, you can streamline the process of managing user access to Reports and Dashboards.
To let Dotnet Report know which Authorized User is logged in, you need to provide the Client Id or User Id (or both) in the ReportApiController in the initialization code, using your logged in user’s claims:
private DotNetReportSettings GetSettings() { settings.ClientId = ""; // You can pass your multi-tenant client id here to track their reports and folders settings.UserId = ""; // You can pass your current authenticated user id here to track their reports and folders settings.UserName = ""; settings.CurrentUserRole = new List<string>(); // Populate your current authenticated user's roles settings.Users = new List<dynamic>(); // Populate all your application's user, ex { "Jane", "John" } or { new { id="1", text="Jane" }, new { id="2", text="John" }} settings.UserRoles = new List<string>(); // Populate all your application's user roles, ex { "Admin", "Normal" } return settings; }
| settings.ClientId
If you have multiple clients (or companies) using your application, you can add the current user’s Client ID from the current session in the above code. The system assumes that you already have an authentication process, and your current Client ID is already determined and is available to use in the current session.
Once you set clientId, the system will automatically save and load reports for the given clientId and will only allow editing/deleting the reports saved for the given clientId. Reports saved with other Client IDs will not be shown.
| settings.UserId and settings.CurrentUserRole
If you want to further control reports just saved for a specific user in addition to the client, or just want to separate reports for a User instead of a Client, populate the userId field with your currently logged in User ID from the current session in the above code. Again, we are assuming that your system already has an authentication process and your currently logged in User’s ID is available.
Once you set the userId, similar to the clientId, the system will save/load reports only for the given userId, and will only allow editing/deleting reports saved for the given userId. Reports saved with other User IDs will not be shown.
Just to clarify, you can provide just the clientId, just the userId, or both clientId and userId. If you specify both, the reports will be saved/shown for both Client and User. You can also restrict by current User’s role in the same way by populating CurrentUserRoles the logged in user has access to.
| settings.Users
To show a list of users in the front end to pick and manage access on each report or dashboard, you need to populate Users. You can get a list of all the users from your users directory or database, and then populate it here.
| settings.UserRoles
To manage access to reports and dashboards based on user roles, you can display a list of available roles in the front end. This allows authorized users to easily select and manage access to reports or dashboards based on the user’s role in the organization. You need to populate UserRoles by getting a list of all the user roles from your application.
Setting Access for Individual Report or Dashboard
To setup access in the front end, you must be an Administrator or Dev Team member. You can setup access to each report in the front end in 2 different ways.
| Admin Mode in Report Builder
Turn on the “Admin Mode” flag:
Once the Admin Mode is turned on, the system will populate all reports, regardless of access. When you Edit or Create a Report, you will the see the Report’s Access Permissions:
In Admin mode, you can also see the permissions set for each Report:
The list of Users and User Roles will be populated based what you specified in the Settings. You have the option to:
- Global Access: Make the report globally accessible by all users or clients by not checking any specific user or user role, and not providing a Client Id.
- Restrict Access by Client: To restrict a report to specific clients, you can enter the client ID(s) in the designated field. Multiple client IDs can be specified by using a comma-separated list. If the field is left blank, the report will be accessible to all clients. This feature allows you to control access to reports based on client-specific information and ensures that sensitive information is only available to authorized parties.
- Restrict Access by User: You can restrict the report to specific user(s) by checking the user’s name. You have the option to let them just view/run the report, or be able to change or delete it. If a user has access to view the report, but not manage or delete it, they will see the “Copy” option to easily create a copy of the report and make changes.
- Restrict Access by User Role: You can restrict the report to specific User Roles(s) in a similar way as Users, by simply checking the Roles. You have the same options, to allow them to just view/run it or manage/delete it.
| Using Setup Page
You can also set these permissions using the Setup page. The Setup page has a “Manage Reports Access” tab, where all the Reports in the system are listed, regardless of permission. You can view a Report’s existing access permissions, and click on it to change the permissions, similar to how you can set it in Admin Mode in the Report Builder.
| Permission for Dashboard
The Permission for Dashboards work in a very similar way as the Report Access. Once you turn on “Admin Mode” in the Dashboard, you will see the same “Manage Access” when setting up the Dashboard, as you would see when setting it up for a Report, and the same permission options apply.