Configuring Managed Reporting Administered RDBMS Authorization

In this section:

Managed Reporting is configured by default to use the built-in file-system-based repository (basedir) for information about its users, groups, and roles. You can configure Managed Reporting to use a relational DBMS instead, and maintain this information with the Managed Reporting Administration interface.

This section shows how to configure Managed Reporting to use a relational DBMS to maintain information about your users, groups and roles. You have the choice of storing user passwords (encrypted) in the WF_MRUSERS table, or selecting another means of authenticating users. For example, you can trust that authentication is performed by the Web server (Basic, Integrated Windows Authentication, third-party SSO system, and so on), or configure external authentication to LDAP or the WebFOCUS Reporting Server.

You can also adapt Managed Reporting to read and/or write to an existing relational schema, as described in Using an Existing DBMS Schema.


Top of page

x
Creating the Security Repository

How to:

Reference:

You must create or identify a database in which to store your security information. You can use the same database for both the ReportCaster Repository and the external repository for Managed Reporting security information (recommended).

You must also create or identify a DBMS login account to create and access these tables. You can use the same or different accounts for the ReportCaster and Managed Reporting repositories.

The Microsoft SQL Server Realm Driver prefixes (SQLS and SQLS2005) refer to the version of the JDBC Driver being used. For example, you can select the SQLS prefix when using the Microsoft SQL Server 2000 JDBC Driver to connect to Microsoft SQL Server 2000. The SQLS2005 prefix allows connections to Microsoft SQL Server 2000, 2005, and 2008 depending on the JDBC Driver that is configured.

The following table lists which prefix is supported according to the JDBC Driver version:

Realm Driver Prefix

JDBC Driver Version

MS SQL Server

SQLS

MS SQL Server JDBC Driver 2000

2000

SQLS2005

  • MS SQL Server JDBC Driver 2005 Version 1.0
  • MS SQL Server JDBC Driver 2005 Version 1.1
  • MS SQL Server JDBC Driver 2005 Version 1.2
  • 2000
  • 2005

MS SQL Server JDBC Driver 2.0

  • 2000
  • 2005
  • 2008



x
Procedure: How to Create the Security Repository
  1. Configure your directory properties. Log on to the WebFOCUS Administration Console. In the Configuration section, select the External Directories menu item under MR Security Settings. Double-click the prefix that corresponds with your DBMS type, for example, SQLS for Microsoft SQL Server.
  2. Edit the DRIVER.URL, USER, and PASSWORD properties to reflect the connection information to your repository, and then click Save. The user account you supply must have update privileges on the tables you will be creating since it is used by the Managed Reporting Administration interface to maintain your security information.

    Do not change the PREFIX value before running the utility that creates your tables. This utility recognizes only the built-in prefix values ASE, DB2, INFMX, MYSQL, ORCL, and SQLS. After your tables are created, you can create and use multiple custom prefix values, such as for development and test.

    For more information about the properties you can configure, see Standard DBMS Properties.

  3. Select the prefix you configured in the External Directories drop-down list. This requires that you first select Trusted or External Authentication. Click Save and then click OK to process your changes.
  4. If you are using DB2 on MVS, FTP the zosrealm and zosrtabs members in your WebFOCUS\utilities\realm directory to MVS in ascii mode. Next, run zosrtabs through SPUFI to create your table space and zosrealm to create your tables, then proceed to step 10.
  5. Update the DBMS Configuration Utility batch file. Using an editor, update the JDBC_DRIVER_JAR parameter of the WebFOCUS\utilities\realm\realmutil.bat file with the full path to the jar file(s) of your driver. On UNIX installations, there is no extension on the realmutil shell script file name.
  6. Run the DBMS Configuration Utility.
    -----------------------------------------------------
    |                                                   |
    |    MR Realm Driver DBMS Configuration Utility     |
    |                                                   |
    |            Information Builders, Inc.             |
    |                 Copyright 2004                    |
    |                                                   |
    -----------------------------------------------------
    Current Database: SQLSERVER
     
    Select one of the following Actions below
    (You may exit anytime by selecting X):
    -----------------------------------------------------
    1. Create MR Realm Tables and Load Required Data
    2. Load Sample Data
    3. Delete Sample Data
    4. Drop MR Realm Tables (all data will be deleted)
    X. Exit
    -----------------------------------------------------
    Select Action:
  7. Select option 1 to create the tables.
  8. The user accounts created by realmutil.bat do not have a password by default.
  9. When the operation finishes, you can select option 2 to create additional sample data in your repository or select X to end the utility.

    This option inserts two sample domain entries into the WF_MRDOMAINS table. These domains will be automatically created in the MR Repository (basedir) when you log on to MR as an administrator (see Step 6 in Understanding Sign-on Processing with External Authorization).

  10. Log on to the Managed Reporting Administration interface to work with your external relational DBMS repository.


x
Reference: Standard DBMS Properties
x x x x x x x x
MANAGER.CLASS

By default, this value is set to ibi.uas.service.WFMRX_DBSecurityManager when you select a relational DBMS directory.

x x x x x x x
DRIVER.CLASS

Is the path to the class that contains the driver.

x x x x x x x
DRIVER.URL

Is the connection string of the driver. For more information about how to configure this property, see your JDBC driver documentation.

Note: If you are not using the default instance of SQL Server, you must add a second backslash prior to the instance name. For example:

jdbc:microsoft:sqlserver://hostname\\instancename:1433; DatabaseName=databasename;SelectMethod=Cursor

Important: When using the WebFOCUS Administration Console to edit this setting, the two backslashes preceding the instance name are properly saved to mrrealm.cfg. However, the console incorrectly displays them as a single backslash. The second backslash is necessary for the prefix. DRIVER.URL setting in mrrealm.cfg to escape the single backslash required by the JDBC driver.

xxxxxxx
USER

Is an ID that has read/write privileges on the tables in the security repository.

x x x x x x x
PASSWORD

Is the password for USER. When updated through the WebFOCUS Administration Console, this value will always be encrypted with WebFOCUS Encryption.

x x x x x x x
DBOWNER

Is the table owner if the tables were created by an account other than the one specified in USER.

x x x x x x x
MAXCONN

Is the maximum number of connections. Zero specifies an unlimited number of connections.

x x x x x x x
TIMEOUT

Is the timeout value in milliseconds that the Realm Driver will wait for a database connection. Zero specifies no timeout and is the default value.

x x x x x x x
USER.SELF.AUTHENTICATION

Specifies how to authenticate the user to the database directory. When set to false (the default), WebFOCUS looks up the user password in the WF_MRUSERS table and compares it with the value provided by the user. When set to true, the Realm Driver makes a JDBC connection to the database with the user ID and password that were entered on the Managed Reporting logon page and checks for success or failure.

Generally, this should be left set to false. If you have DBMS login accounts for your Managed Reporting users and you want to authenticate them with these credentials, you should consider configuring external authentication to the Reporting Server and having the Reporting Server validate these DBMS credentials.

x x x x x x x
ENCRYPTION

WebFOCUS encrypts/decrypts end-user passwords written to/read from the WF_MRUSERS table. By default, passwords stored in the WF_MRUSERS table use the encryption algorithm specified by the WFENCR parameter in the install_drive:\ibi\WebFOCUS77\webapps\webfocus77\WEB-INF\web.xml file and uses the ibi.webfoc.wfsecurity.encryption.defenc.WFDefaultEncryption encryption class by default. To change the default encryption class, see Optional Built-in Encryption Providers.Therefore, the ENCRYPTION parameter in the WebFOCUS Administration Console must always contain the value of WFENCR to use the encryption algorithm configured in the web.xml file.


Top of page

x
Customizing DBMS Directory Properties

Reference:

By adding properties to your WebFOCUS/config/mrrealm.cfg file, you can customize the behavior of the WFMR_DBSecurityManager class. These changes need to be made by editing the file directly, not using the WebFOCUS Administration Console. You should make a backup copy of the file first in case you need to undo your changes.



x
Reference: Using a Datasource for DBMS Connectivity

Optionally, you can uncomment the prefix.DATASOURCE=datasourcename property in mrrealm.cfg to define JDBC connection attributes in your web.xml file. In this case, prefix.USER and prefix.PASSWORD are ignored. Once you uncomment this property in the file, it will become accessible in the console.



x
Reference: Using Stored Procedures

By default, Managed Reporting uses SQL statements to read and write to its relational DBMS security repository. You can configure Managed Reporting to call stored procedures instead if your DBMS is Sybase, SQL Server, or Oracle.

To use stored procedures, uncomment the prefix.USE_STORED_PROCEDURES property in your mrrealm.cfg file, where prefix is either ASE (Sybase), SQLS, or ORCL. Then set this property to true. Next, run the MR Realm DBMS Configuration Utility and select option 5. Create Stored Procedures. The utility will create 43 stored procedures in your DBMS, and Managed Reporting will call these for its repository communications instead of issuing SQL statements.

There are four functions that are not implemented as stored procedures and therefore must be added as properties to the mrrealm.cfg file:

prefix.SELECT_DOMAIN_OBJ_FIELDS
prefix.SELECT_GROUP_OBJ_FIELDS
prefix.SELECT_ROLE_OBJ_FIELDS
prefix.SELECT_USER_OBJ_FIELDS

For more information about how to set these properties, see http://techsupport.informationbuilders.com/tech/wbf/wbf_tmo_realm.html.



x
Reference: Using an Existing DBMS Schema

By default, the WFMRX_MRSecurityManager class is configured to read and write to a specific relational DBMS schema. You may be able to configure Managed Reporting to use your own relational schema, depending on its structure and your experience with the Structured Query Language (SQL).

Generally speaking, Managed Reporting issues SQL statements to read and write information to the DBMS repository (see Using Stored Procedures). You can override the standard SQL statements with your own SQL using properties in mrrealm.cfg. For more information, see http://techsupport.informationbuilders.com/tech/wbf/wbf_tmo_realm.html.


WebFOCUS