In this section: |
You can set or change the values of most Managed Reporting variables that are stored in the cgivars.wfs file using the WebFOCUS Administration Console. You can also configure Managed Reporting for external authentication and external authorization using the WebFOCUS Administration Console. For information about configuring external authentication, see Configuring Managed Reporting for Trusted or External Authentication. For information about configuring external authorization, see Configuring Managed Reporting for External Authorization.
From the Configuration menu of the WebFOCUS Administration Console, choose the Managed Reporting category to view or edit the following settings in the cgivars.wfs file.
Controls whether to pass a DBA password to the WebFOCUS Reporting Server on each WebFOCUS request.
For more information, see DBA Password Settings.
Is the user ID that the MR Realm Driver uses to connect to ReportCaster during Managed Reporting sign-on. This setting is used only when the MR Realm Driver is configured for external authorization and allows it to create (and update) the Managed Reporting user privileges in the ReportCaster Repository. The ID specified must have rcadmin privileges. Typically, this value is set to the same ID stored in the ReportCaster Server Configuration Tool under General, User Info, then Administrator. By default, the value is admin.
Reserved for future password expiration feedback support when using the MR Realm Driver. OFF is the default setting.
Servlet initialization parameter that controls which HTML parser Managed Reporting uses against the basedir directory. This setting was previously located in the \WEB-INF\web.xml file.
Information Builders recommends using the default value, as there is a 50% performance improvement.
Location where all Managed Reporting published pages will reside.
For more information, see Accessing Reports From Outside Managed Reporting.
Location where all Managed Reporting templates will reside.
When enabled, this setting significantly improves Managed Reporting performance and scalability. However, this setting only applies to installations where the Authorization setting in the MR Security Settings - General window of the console is set to Internal.
REPOSITORY_CACHE=ON tells WebFOCUS to cache information about Managed Reporting users, groups, roles, and Domain content. Information is always read from cache unless WebFOCUS detects that the date-time stamp of the files that contain this data has changed. The date-time stamp feature supports scenarios where a cluster of application servers is sharing a single Managed Reporting Repository. User My Report information is also cached. This setting is turned ON by default.
When set to a numeric setting, WebFOCUS caches information about Managed Reporting Domain content. For example, a setting of 10 caches information about the last 10 domains the WebFOCUS processed. This setting is disabled (set to 0) by default. This setting only applies to installations where the Authorization setting in the MR Security Settings - General window of the console is set to Internal.
When set to a numeric setting, WebFOCUS caches information about Managed Reporting user resources such as information about My Reports and Deferred Receipt tickets. For example, a setting of 50 caches resource information for the last 50 users who have signed-on to WebFOCUS. This setting is disabled (set to 0) by default. This setting only applies to installations where the Authorization setting in the MR Security Settings - General window of the console is set to Internal.
In previous releases, when WebFOCUS was configured to use the CGI/ISAPI client, deferred output saved to a My Reports folder of the user in the Managed Reporting Repository, was written in a format that was incompatible with the WebFOCUS Servlet (WFServlet). This meant that if you upgraded to WebFOCUS Version 7 Release 1, which required the WFServlet configuration for Managed Reporting, you could not access your saved deferred output. The WFServlet now detects and reads the legacy output format, while continuing to read and write with the newer format.
The WF_CGI_ENDIANNESS setting is used by WFServlet to determine the byte order of the deferred output. If your legacy saved deferred output was created on a platform with a little-endian byte order, such as Intel x86, you should keep the default setting of LITTLE. If the output was created on a big-endian platform such as IBM S/390, z/Series, and some UNIX and Linux systems, you should change the setting to BIG. Some platforms can be configured either way so consult with your administrator or experiment if you are unsure of the proper setting for your environment.
Because WFServlet runs on Java technology, which is always big-endian, new deferred output will always be written in big-endian format. WF_CGI_ENDIANNESS is therefore used by WFServlet only to know which way to read legacy saved deferred output created by the WebFOCUS CGI/ISAPI Client.
Enables parameter prompting for all Managed Reporting requests. Possible values are:
Prompts for amper variables created with -DEFAULT and any other amper variable that does not have a value. This is the default value.
Only prompts for amper variables created with -DEFAULT when there is another amper variable that does not have a value assigned and, therefore, will be prompted for.
Turns off parameter prompting at the site level.
Contains the URL of the .xsl file that styles the XML document returned from the Reporting Server when IBIMR_prompting is set to XMLRUN or XMLPROMPT.
Location of the Managed Reporting Repository.
This setting controls the security processing behavior of two different kinds of Managed Reporting requests:
When set to YES, a launch page can run a Managed Reporting report even though the user is not logged on to Managed Reporting. Additionally, a user who is logged on to Managed Reporting can run a drill-down request even when the child report is in a Managed Reporting domain that they do not have access to. If this behavior is a security concern, change the setting to NO.
When set to NO, Managed Reporting domain security is strictly enforced. The behavior for launch pages and drill-down requests is slightly different. If a user who is not logged on submits a Managed Reporting request from a launch page, they will receive an error message or be presented with the Managed Reporting logon page, depending on the value of MR_AUTOSIGNON. If a user who is logged on runs a drill-down request to a child report in a Managed Reporting domain that they do not have access to, they will receive an error message.
Note: This setting supersedes the <set> IBIMR_drill(protect) statement.The protect statement should no longer be used since it disables drill-down reporting, in addition to closing the publish security issue.
When set to YES, in conjunction with MR_ANONYMOUS_RUN_ACCESS=NO, when a user who is not logged on submits a request from a published launch page, they will be presented with the Managed Reporting logon page. After their credentials are successfully validated, the report will be run automatically and they will remain logged on to Managed Reporting. In scenarios where single sign-on is configured (for example SiteMinder integration) the user will be logged on to Managed Reporting transparently.
The setting is only valid for HTTP requests, which means it is not supported with Managed Reporting API and Web Service requests.
How to: |
The SET PERMPASS=password command establishes a password that the user cannot change for access to data sources. You can control whether a PERMPASS is sent to the WebFOCUS Reporting Server with each request by choosing an option for the IBIF_dbapass_src variable.
The DBA password defines access to data sources on the WebFOCUS Reporting Server. Each data source description can specify which passwords are acceptable for accessing the data source. Each password may also be associated with specific access types, conditions and rules that limit access down to the row level if necessary.
Database security is described in the Describing Data With WebFOCUS Language manual.
By setting the DBA password for each request, you establish a single signon from Managed Reporting in the front end to the data source on the WebFOCUS Reporting Server.
ReportCaster also supports the DBA password, which is sent in encrypted form to ReportCaster. The DBA password cannot be assigned a group ID because a single password can be associated with multiple groups. It can be set to the domain ID, the user HREF, or to a user-specified variable.
Note: If a Managed Reporting Repository Driver populates user hrefs from an outside source with file names greater than eight characters, the SET PERMASS=dbapass syntax fails, the server returns an error, and WebFOCUS may function unpredictably.
Note: An alternative method to the MR id setting, which avoids this conversion process and sends the Managed Reporting ID as the value for IBIF_dbapass_src for DBA, is to select the WebFOCUS Variable option and add the IBIMR_ user as the variable. This will send the Managed Reporting Userid, which maximum length is 128 characters.
WebFOCUS |