I haven't spent much time researching this one but felt I should ask to make sure. On the User-defined reports and Querys, I understand this is a feature that the developer can give the user access to or not.
But if we give access can the developer LIMIT the fields available and can they limit the data available. For example: It would be great if sales people could create the reports they need but I would not want them creating reports for other sales people.
So I would need to limit it by division and by salesperson so it would be impossible for sales #101 to create a report for salesperson #222 etc
Thanks
User Defined Reports
-
aware_support
- Posts: 7525
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
I haven't spent much time researching this one but felt I should ask to make sure. On the User-defined reports and Querys, I understand this is a feature that the developer can give the user access to or not.
Yes, that's right. This feature lets you control whether the end users will be able to create THEIR OWN REPORTS.
But if we give access can the developer LIMIT the fields available and can they limit the data available. For example: It would be great if sales people could create the reports they need but I would not want them creating reports for other sales people.
Yes, you can do this - use access levels to control access to data (see the User Guide for more info on access levels). For example, if you define that the attribute is not visible to a particular access level Aware IM will automatically hide it from all forms, query results and documents/reports. You can also specify that a certain report/document should not be available to a particular access level.
Yes, that's right. This feature lets you control whether the end users will be able to create THEIR OWN REPORTS.
But if we give access can the developer LIMIT the fields available and can they limit the data available. For example: It would be great if sales people could create the reports they need but I would not want them creating reports for other sales people.
Yes, you can do this - use access levels to control access to data (see the User Guide for more info on access levels). For example, if you define that the attribute is not visible to a particular access level Aware IM will automatically hide it from all forms, query results and documents/reports. You can also specify that a certain report/document should not be available to a particular access level.
Aware IM Support Team
Good news!
Now just a few more questions on this please.
Does the ability to define a VALUE for a hidden field also exist in a report.
And can this VALUE be used in the search selection and not removed by the user?
Example: By doing this one sales person couldn't create a report on another. And it would limit the report to just them, with the ability to change it.
Now just a few more questions on this please.
Does the ability to define a VALUE for a hidden field also exist in a report.
And can this VALUE be used in the search selection and not removed by the user?
Example: By doing this one sales person couldn't create a report on another. And it would limit the report to just them, with the ability to change it.
-
aware_support2
- Posts: 595
- Joined: Sun Apr 24, 2005 2:22 am
- Contact:
Reports do not support hidden fields. If you allow users to define their own reports they can print any data they allowed to access in the system. So, data access should be controlled on the system level, not in reports. For this purpose you can use access level options like "Creator Only" or, for more flexibility, rules with READ PROTECT action. For example, to ensure that a sales person can see his own sales data but not that of other sales people, you can add the following rule to object Sale:
If LoggedInSystemUser <> Sale.SalesPerson Then READ PROTECT Sale FROM SalesPerson
Aware IM automatically applies protection rules to all user queries so that even if the user runs a query like "FIND ALL Sale" he would see only his sales, not those or others.
The benefit of this approach is that you control data access in one place. Users can create they own reports or run their own queries, if you allow them. Also, in your configuration you do not have to create separate queries for different access levels just to filter out restricted data. Aware IM will do it automatically based on defined protection rules.
If LoggedInSystemUser <> Sale.SalesPerson Then READ PROTECT Sale FROM SalesPerson
Aware IM automatically applies protection rules to all user queries so that even if the user runs a query like "FIND ALL Sale" he would see only his sales, not those or others.
The benefit of this approach is that you control data access in one place. Users can create they own reports or run their own queries, if you allow them. Also, in your configuration you do not have to create separate queries for different access levels just to filter out restricted data. Aware IM will do it automatically based on defined protection rules.
Aware IM Support Team
-
aware_support2
- Posts: 595
- Joined: Sun Apr 24, 2005 2:22 am
- Contact:
Absolutely. You can either add more attributes to RegularUser object, or create your own object representing the user, like SalesPerson, and make it a member of SystemUser group (in which case the system will automatically add login- and access-related attributes). You can then use any of your attributes in protection rules.
Aware IM Support Team