Creating Roles

In this section:

WebFOCUS Managed Reporting supports roles, making it easier to administer large numbers of users. A role is a collection of user privileges. Each user can have only one role. Users inherit the privileges that are associated with their role. Additional privileges can be assigned to users as needed. Roles are created and maintained by a Managed Reporting Administrator and an MR Security Object Manager. Roles can be assigned to users by Managed Reporting Administrators. MR Group Authorization Managers, and Managed Reporting Group Administrators.

There are several base roles (Analytical User, Developer, Library Only User, MR Administrator, MR Group Authorization Manager, MR Security Object Manager, No Privileges, and User) and custom roles (Content Manager, Power User, and Run Only User) provided with Managed Reporting. Custom roles extend base roles and provide flexibility by allowing the administrator to add or remove specific privileges. You can create your own custom roles and customize the provided base roles.

Note:

Top of page
x
User Roles Defined

Reference:

Each user role has a set of default and optional privileges. The following table provides a description of each role along with a list of associated privileges.

Role Description

Privileges

Users with the No Privileges role do not have any privileges and, therefore, are denied access to Managed Reporting interfaces.

None.

The Library Only User role provides the ability to create Managed Reporting users who can only access content stored in the Report Library. This content can be viewed in the Report Library and in a Dashboard page when displayed as a list, launch, output block, or watch list. Library Only Users cannot run reports, view the Domain Tree, view the Role Tree, access other WebFOCUS environments, and have limited access to Dashboard components.

Default privileges: Library

Optional privileges: Enable accessibility features (Section 508).

The Save My Reports, Share My Reports, Advanced, Data Server, ReportCaster Administrator, and Schedule privileges are not available for the Library Only User role.

Users with the User role can run Standard Reports (in immediate and deferred mode) and can run shared My Reports created by other users.

Default Privileges: None

Optional Privileges: Enable accessibility features (Section 508), Save entered values, Library, and Schedule.

The Save My Reports, Share My Reports, Advanced, Data Server, and ReportCaster Administrator privileges are not available for the User role.

The Run Only User role is based on the Analytical User role. The Run Only User role can do everything a user with the User role can do. In addition, this user can access the Assistant tools and create My Reports. The Run Only User cannot save My Reports.

Default privileges: None

Optional privileges: Enable accessibility features (Section 508), Save entered values, Library.

The Save My Reports, Share My Reports, Advanced, Data Server, ReportCaster Administrator, and Schedule privileges are not available for the Run Only User role.

The Analytical User role can do everything a user with the Run Only User role can do. In addition, the user can save My Reports from the Assistant tools. If granted, the user can also share My Reports and create Custom Reports. The user can also save deferred output from the Deferred Report Status Interface.

Default privileges: Save My Reports

Optional privileges: Share My Reports, Advanced, Enable accessibility features (Section 508), Save entered values, Schedule, Library.

The ReportCaster Administrator and Data Server privileges are not available for the Analytical User role.

The Power User role is based on the Analytical User role. The Power User role is another example of how you can customize roles. It extends the Analytical User role with the Advanced and Share My Report privileges.

Default privileges: Save My Reports, Share My Reports, Advanced

Optional privileges: Enable accessibility features (Section 508), Save entered values, Schedule, Library.

The Data Server and ReportCaster Administrator privileges are not available for the Power User role.

The Developer role can do everything an Analytical User can do. In addition, they have access to the Domain Builder where they can create Standard Reports and Reporting Objects for the domains to which they have access. By default, users who have the Developer role do not have access to the Data Servers feature unless it is granted to them explicitly or the Developer role is changed to have Data Server selected.

Default privileges: Save My Reports

Optional privileges: Share My Reports, Advanced, Enable accessibility features (Section 508), Data Server, Save entered values, Schedule, Library.

The ReportCaster Administrator privilege is not available for the Developer role.

The Content Manager role is based on the Developer role. The Content Manager role is an example of a customized role. It extends the Developer role with the Data Server, Advanced, and Share My Report privileges.

Default privileges: Save My Reports, Share My Reports, Advanced, Data Server

Optional privileges: Enable accessibility features (Section 508), Save entered values, Schedule, Library.

The ReportCaster Administrator privilege is not available for the Content Manager role.

The MR Group Authorization Manager role can perform the following tasks to manage access to Managed Reporting application content and manage tasks that users are allowed to perform, but only for the groups that the MR Group Authorization Manager is a member:

  • Assign users and domains to groups.
  • Assign user roles.
  • Assign Server and Application domain properties.

This role cannot create or delete users, and cannot manage a user who is not a member of a group to which the MR Group Authorization Manager belongs, or is a member of a group or groups to which the MR Group Authorization Manager does not belong.

None.

The MR Security Object Manager role can create and manage domains, groups, roles, and users.

Users created by a MR Security Object Manager are assigned the No Privilege role (described earlier in this table), which means that they have no functional capabilities.

None.

The Managed Reporting Administrator role has unrestricted access to Managed Reporting.

If a user with the Managed Reporting Administrator role but without the ReportCaster Administrator privilege creates other Managed Reporting Administrators, the ReportCaster Administrator privilege will not be available to grant to the user.

When the ReportCaster Administrator privilege is assigned, the Schedule and Report Library privileges are automatically assigned and the Schedule privilege cannot be unassigned.

Default privileges: Save My Reports, Advanced, Data Server

Optional privileges: Share My Reports, Save entered values, ReportCaster Administrator, Schedule, Library, Enable accessibility features (Section 508).
x
Reference: User Role Matrix

The following table lists each user role and its corresponding default and optional privileges. The following are the role abbreviations used in the table:

Note: The NP, GA, and SO roles do not have privileges associated with them.

User Roles

LO

US

RO

AU

PU

DV

CM

MA

Privileges (O=Optional; D=Default; F=Fixed )

Enable accessibility (Section 508)

O

O

O

O

O

O

O

O

Advanced

 

 

 

O

D

O

D

F

Data Server

 

 

 

 

 

O

D

D

Save Entered Values (My Reports)

 

O

O

O

O

O

O

O

Save Reports (My Reports)

 

 

 

D

D

F

F

F

Share Reports (My Reports)

 

 

 

O

D

O

D

O

Schedule (ReportCaster)

 

O

 

O

O

O

O

O

Library (ReportCaster)

F

O

O

O

O

O

O

O

Administrator (ReportCaster)

 

 

 

 

 

 

 

O

Note: Optional privileges are turned off initially, but can be turned on. Default privileges are turned on initially, but can be turned off. Fixed privileges are turned on and can not be turned off. Also, the Enable accessibility features (Section 508) optional privilege for the Managed Reporting Administrator role is available beginning in Version 7 Release 6.5.

The following table lists the Managed Reporting functional capabilities that are provided with the default privileges for each user role.

User Roles

LO

US

RO

AU

PU

DV

CM

MA

Functional Capabilities *

Limited dashboard component access

*

 

 

 

 

 

 

 

Only access Report Library content

*

 

 

 

 

 

 

 

Run other users' shared My Reports

 

*

*

*

*

*

*

*

Run Standard Reports (immediate)

 

*

*

*

*

*

*

*

Run Standard Reports (deferred)

 

*

*

*

*

*

*

*

Access Assistant tools (see Note)

 

 

*

*

*

*

*

*

Advanced Graph Assistant

 

 

 

 

 

*

*

*

Save My Reports from Assistant tools

 

 

 

*

*

*

*

*

Save deferred output

 

 

 

*

*

*

*

*

Create Standard Reports & Reporting Objects

 

 

 

 

 

*

*

*

Create Managed Reporting Users

 

 

 

 

 

 

 

*

Manage and promote User’s My Reports to Standard Reports

 

 

 

 

 

 

 

*

Note: Assistant tools refers to the Report Assistant, Graph Assistant, InfoAssist, and Power Painter tools. The InfoAssist and Power Painter license codes must be specified in the WebFOCUS Client configuration to make these tools accessible to users.
x
Reference: Role Inheritance

Inheritance between the base role and any new roles you create only occurs at the time you create the role. If the base role is modified, changes will not be reflected in any roles you created previously that are based on this role.

For example, you want to create a new role based on the Analytical User role. The Analytical User role is a base role that is included with WebFOCUS Managed Reporting and has the Save My Reports privilege by default. When you create your new role, named NewRole, it inherits the Save My Reports privilege from the Analytical User base role. You can then customize the NewRole and add any available privileges.

If the Analytical User base role is modified after you create your NewRole, this does not effect your NewRole since inheritance between roles only occurs at the time you create the role.
Top of page
x
User Privileges Defined

How to:

Privileges effect Managed Reporting and ReportCaster user interface behavior. Generally speaking, having a privilege means you can use the corresponding product feature. One exception is the 'inactive' privilege, which means you are denied logon rights to Managed Reporting. Privileges are associated with Roles. An Managed Reporting Administrator, MR Group Authorization Manager, or Group Administrator can also assign privileges to users directly, though there are some limitations.

Note: When ReportCaster is not installed, the ReportCaster Schedule, Library, and Administrator privileges are not available.

The following table lists and describes each privilege.

Privilege

Description

General

Enable accessibility features (Section 508)

Specifies that a user can utilize Section 508 compliant online help, user interfaces, and tools.

Advanced

Only users who are assigned the Advanced privilege, regardless of their role, are enabled to:

  • Create and edit Custom Reports, which appear in their own folder under the My Reports folder. Unlike other My Reports, Custom Reports are not built from Reporting Objects. Users build these reports with tools including the text editor, InfoAssist, Power Painter, Report Assistant, and Graph Assistant. Note that only users who are assigned the Advanced privilege can create Custom Reports.
  • View all data sources in the domain path when creating dynamic parameters using the Variable Editor. Without the Advanced privilege, users can only view data sources used in the Reporting Objects.

Data Server

Specifies whether a user can access the Data Servers component. Also controls whether or not the server and application path properties on a domain, report, or Reporting Object can be modified by the user.

My Reports

Save Entered Values

Enables users to save their selected parameter values as a My Report. When users run the My Report, a launch page opens with their parameter values already selected and they can then run the report.

Save Reports

Enables users to create and save My Reports. The Advanced privilege is also needed to create My Reports that are Custom Reports.

Share Reports

Is required for a user to share a My Report or Custom Report with other users who have access to the same domain. Once a user shares a My Report or a Custom Report, other users can run the report and copy the report into their own My Reports tab if they have the Save My Reports privilege. The Share My Reports privilege does not have to be active for a user to run or copy reports that have been shared by others.

ReportCaster

Administrator

Designates the user as a ReportCaster Administrator.

Schedule

Allows a user to schedule procedures using ReportCaster. This capability is available only when ReportCaster is installed.

Library

Allows a user to access the Report Library, which is a ReportCaster storage and retrieval facility. This capability is available only when ReportCaster is installed and configured with the RDBMS repository option.
x
Procedure: How to Create a New Role
  1. In the Managed Reporting Administration interface, click Roles.
  2. Click the New New button button.

    The New Role dialog box opens in the right pane.

  3. Type the Role Name.
  4. Select the Base Role.

    This is the role for which the new role is based. For details on what privileges come with each role, see User Roles Defined.

  5. Select the desired Privileges.

    Note: The MR Security Object Manager, MR Group Authorization Manager, and No Privileges roles do not have privileges that can be assigned, therefore, no privileges are displayed.

    For details on privileges, see User Privileges Defined.

  6. Click Save.
x
Procedure: How to Customize an Existing Role
  1. In the Managed Reporting Administration interface, click Roles.
  2. Click the Edit Edit button button.

    The Selected Role - rolename dialog box opens in the right pane.

  3. Make any necessary modifications and click Save.
WebFOCUS