Managed Reporting Settings in the WebFOCUS Administration Console

In this section:

You can set or change the values of most Managed Reporting variables that are stored in the cgivars.wfs file using the WebFOCUS Administration Console. You can also configure Managed Reporting for external authentication and external authorization using the WebFOCUS Administration Console. For information about configuring external authentication, see Configuring Managed Reporting for Trusted or External Authentication. For information about configuring external authorization, see Configuring Managed Reporting for External Authorization.
Top of page
x
Changing Managed Reporting Settings

From the Configuration menu of the WebFOCUS Administration Console, choose the Managed Reporting category to view or edit the following settings in the cgivars.wfs file.

IBIF_dbapass_src

Controls whether to pass a DBA password to the WebFOCUS Reporting Server on each WebFOCUS request.

For more information, see DBA Password Settings.

IBIMR_RC_SVCUSER

Is the user ID that the MR Realm Driver uses to connect to ReportCaster during Managed Reporting sign-on. This setting is used only when the MR Realm Driver is configured for external authorization and allows it to create (and update) the Managed Reporting user privileges in the ReportCaster Repository. The ID specified must have rcadmin privileges. Typically, this value is set to the same ID stored in the ReportCaster Server Configuration Tool under General, User Info, then Administrator. By default, the value is admin.

MR_EXPIRED_PWD

Reserved for future password expiration feedback support when using the MR Realm Driver. OFF is the default setting.

MR_PARSER_VERSION

Servlet initialization parameter that controls which HTML parser Managed Reporting uses against the basedir directory. This setting was previously located in the \WEB-INF\web.xml file.

Information Builders recommends using the default value, as there is a 50% performance improvement.

MR_BASE_HTML_DIR

Location where all Managed Reporting published pages will reside.

For more information, see Accessing Reports From Outside Managed Reporting.

MR_TEMPLATE_DIR

Location where all Managed Reporting templates will reside.

REPOSITORY_CACHE

When enabled, this setting significantly improves Managed Reporting performance and scalability. However, this setting only applies to installations where the Authorization setting in the MR Security Settings - General window of the console is set to Internal.

REPOSITORY_CACHE=ON tells WebFOCUS to cache information about Managed Reporting users, groups, roles, and Domain content. Information is always read from cache unless WebFOCUS detects that the date-time stamp of the files that contain this data has changed. The date-time stamp feature supports scenarios where a cluster of application servers is sharing a single Managed Reporting Repository. User My Report information is also cached. This setting is turned ON by default.

DOMAINS_CACHE

When set to a numeric setting, WebFOCUS caches information about Managed Reporting Domain content. For example, a setting of 10 caches information about the last 10 domains the WebFOCUS processed. This setting is disabled (set to 0) by default. This setting only applies to installations where the Authorization setting in the MR Security Settings - General window of the console is set to Internal.

USERS_CACHE

When set to a numeric setting, WebFOCUS caches information about Managed Reporting user resources such as information about My Reports and Deferred Receipt tickets. For example, a setting of 50 caches resource information for the last 50 users who have signed-on to WebFOCUS. This setting is disabled (set to 0) by default. This setting only applies to installations where the Authorization setting in the MR Security Settings - General window of the console is set to Internal.

WF_CGI_ENDIANNESS

In previous releases, when WebFOCUS was configured to use the CGI/ISAPI client, deferred output saved to a My Reports folder of the user in the Managed Reporting Repository, was written in a format that was incompatible with the WebFOCUS Servlet (WFServlet). This meant that if you upgraded to WebFOCUS Version 7 Release 1, which required the WFServlet configuration for Managed Reporting, you could not access your saved deferred output. The WFServlet now detects and reads the legacy output format, while continuing to read and write with the newer format.

The WF_CGI_ENDIANNESS setting is used by WFServlet to determine the byte order of the deferred output. If your legacy saved deferred output was created on a platform with a little-endian byte order, such as Intel x86, you should keep the default setting of LITTLE. If the output was created on a big-endian platform such as IBM S/390, z/Series, and some UNIX and Linux systems, you should change the setting to BIG. Some platforms can be configured either way so consult with your administrator or experiment if you are unsure of the proper setting for your environment.

Because WFServlet runs on Java technology, which is always big-endian, new deferred output will always be written in big-endian format. WF_CGI_ENDIANNESS is therefore used by WFServlet only to know which way to read legacy saved deferred output created by the WebFOCUS CGI/ISAPI Client.

IBIMR_prompting

Enables parameter prompting for all Managed Reporting requests. Possible values are:

XMLPROMPT

Prompts for amper variables created with -DEFAULT and any other amper variable that does not have a value. This is the default value.

XMLRUN

Only prompts for amper variables created with -DEFAULT when there is another amper variable that does not have a value assigned and, therefore, will be prompted for.

OFF

Turns off parameter prompting at the site level.

IBIF_publish_xsl

Contains the URL of the .xsl file that styles the XML document returned from the Reporting Server when IBIMR_prompting is set to XMLRUN or XMLPROMPT.

MR_BASE_DIR

Location of the Managed Reporting Repository.

MR_ANONYMOUS_RUN_ACCESS

This setting controls the security processing behavior of two different kinds of Managed Reporting requests:

  • Launch pages created outside of Managed Reporting by the Managed Reporting Publish feature.
  • Drill-down requests created by tools that reference a child report in a different Managed Reporting domain than the parent report.

When set to YES, a launch page can run a Managed Reporting report even though the user is not logged on to Managed Reporting. Additionally, a user who is logged on to Managed Reporting can run a drill-down request even when the child report is in a Managed Reporting domain that they do not have access to. If this behavior is a security concern, change the setting to NO.

When set to NO, Managed Reporting domain security is strictly enforced. The behavior for launch pages and drill-down requests is slightly different. If a user who is not logged on submits a Managed Reporting request from a launch page, they will receive an error message or be presented with the Managed Reporting logon page, depending on the value of MR_AUTOSIGNON. If a user who is logged on runs a drill-down request to a child report in a Managed Reporting domain that they do not have access to, they will receive an error message.

Note: This setting supersedes the <set> IBIMR_drill(protect) statement.The protect statement should no longer be used since it disables drill-down reporting, in addition to closing the publish security issue.

MR_AUTOSIGNON

When set to YES, in conjunction with MR_ANONYMOUS_RUN_ACCESS=NO, when a user who is not logged on submits a request from a published launch page, they will be presented with the Managed Reporting logon page. After their credentials are successfully validated, the report will be run automatically and they will remain logged on to Managed Reporting. In scenarios where single sign-on is configured (for example SiteMinder integration) the user will be logged on to Managed Reporting transparently.

The setting is only valid for HTTP requests, which means it is not supported with Managed Reporting API and Web Service requests.
Top of page
x
DBA Password Settings

How to:

The SET PERMPASS=password command establishes a password that the user cannot change for access to data sources. You can control whether a PERMPASS is sent to the WebFOCUS Reporting Server with each request by choosing an option for the IBIF_dbapass_src variable.

The DBA password defines access to data sources on the WebFOCUS Reporting Server. Each data source description can specify which passwords are acceptable for accessing the data source. Each password may also be associated with specific access types, conditions and rules that limit access down to the row level if necessary.

Database security is described in the Describing Data With WebFOCUS Language manual.

By setting the DBA password for each request, you establish a single signon from Managed Reporting in the front end to the data source on the WebFOCUS Reporting Server.

ReportCaster also supports the DBA password, which is sent in encrypted form to ReportCaster. The DBA password cannot be assigned a group ID because a single password can be associated with multiple groups. It can be set to the domain ID, the user HREF, or to a user-specified variable.

x
Procedure: How to Set the Middle Tier DBA Password
  1. Click Configuration and then Client Settings.
  2. Select the Managed Reporting category and then the IBIF_dbapass_src variable.

    Client Settings-MR dialog box

  3. Select one of the following options:
    • OFF. This option sets IBIF_dbapass_src to blank and does not pass a DBA password with each request.
    • MR Id. This option sets IBIF_dbapass_src to the value of the CURRENT_USER_FILE variable. CURRENT_USER_FILE is the WFS variable that holds the href of the current user. The href is normally in the form filename.ext (for example, sally02.htm), where the file name may be a maximum of eight characters. The file name portion of the href without the extension will be sent to the WebFOCUS Reporting Server as the DBA password (SET PERMPASS=dbapass) prefixed to each request.

      Note: If a Managed Reporting Repository Driver populates user hrefs from an outside source with file names greater than eight characters, the SET PERMASS=dbapass syntax fails, the server returns an error, and WebFOCUS may function unpredictably.

    • MR Domain. This option sets IBIF_dbapass_src to the value of the IBIMR_domain variable. IBIMR_domain is the WFS variable that holds the domain href of the current action. The domain href is normally in the form of an eight character domain directory name, a slash, and an eight character domain file name followed by an extension (for example, domainon/domainon.htm or untitled/untitled.htm). Only the file name portion of the href (without preceding directory name or the extension) is sent to the WebFOCUS Reporting Server as the DBA password. A domain href of untitled/untitled.htm produces a DBA password of untitled.
    • WebFOCUS Variable. If you choose this option, an edit box opens so that you can enter the name of a user-specified variable available to the CGI/Servlet WFS script processor. This value is retrieved and sent to the WebFOCUS Reporting Server as the DBA password. If the value is greater than eight characters, WebFOCUS may function unpredictably. Use this option if you do want to set the DBA password to a value other than OFF, MR Id, or MR Domain (for example, you can write a WebFOCUS plug-in that decides the value).

      Note: An alternative method to the MR id setting, which avoids this conversion process and sends the Managed Reporting ID as the value for IBIF_dbapass_src for DBA, is to select the WebFOCUS Variable option and add the IBIMR_ user as the variable. This will send the Managed Reporting Userid, which maximum length is 128 characters.

WebFOCUS