Report Security

StanBalish · ‎Apr 22, 2015

Wondering if anybody knows how to add additional security to a Windchill Report preventing users who do not have read access to a context, from running a report on that context. If a report that is Exposed/Ready To Use in say the Home Page and Product context,has context in the criteria window the user can change that context to one they do not have read access to. This will allow the user to "back-door" into that context to pull information they would not normally have access to.

MikeLockwood · ‎Apr 22, 2015

Not really a way to enable / prevent access to a Product due to things like the report (and also searching) - may be better to focus on the data in the product directly.

Suggest approaching via the ACL's for that Product context.

If the Product is not Private it inherits from any ACLs at Org / Site level.

Making it Private is a way of more easily making sure of all ACL's that apply.

rwelch · ‎Apr 23, 2015

Hi Stan,

Rather than using the out of the box context picker in the report criteria window one thought might be to use a customized picker with a validator that restricts access.

Ron

JeffZemsky · ‎Apr 27, 2015

Stan,

The default behavior of a report would not show a user data that they do not have access to. They need to have READ access for the report to return results. The only difference would be if in the report definition that you specifically select the option of Override Access control. In that situation they would see the data.