on โ07-13-2012 2:02 PM
Dear forum
We are in the process of developing a module where users can upload there own crystal report and execute them.
Problem
The data is sensitive and restricted by user login and user permissions in the application. As soon as we allow users to upload there own reports this in effect is going to by pass the security aspects of the application.
Is row level security the only option?
Have other users had similar experinces and found a solution.
All ideas and thoughts are very welcome.
Thank you all in advance
Paul Marks
Hello Paul
The data is sensitive and restricted by user login and user permissions in the application
What is the "application"? CR? App written in .NET? Java?
I do not understand this:
As soon as we allow users to upload there own reports this in effect is going to by pass the security aspects of the application.
If a logon is required, how would the above by pass the security?
- Ludek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ludek
Thank you for your response.
The application is in .net and has its own internal security
features to protect data.
The issue customers will be writing their own reports and
submitting them. The application utilizes a single login as a connection to the
data. There are no security layers on the database currently on the database to
secure the data at row level. The application relies on its own functionality
to administer security. The user would in effect have direct access to all of
the data using this connection. The data base currently has no security layers
imposed. All security for the application is maintained by the application.
I believe from my own research I have two options (I am looking
for a third) 1) introduce row level security or 2) purchase BOE
I hope this assists further in explaining the issue
With Kind Regards
Paul
Ok then. I moved your post to the SAP Crystal Reports, version for Visual Studio forum.
Third option may be to secure the report file. This you can do with Crystal Reports 2011 and Crystal Reports for Visual Studio 2010. Note that these files have an RPTR extension and can only be run by CR2011 and Crystal Reports for Visual Studio 2010.
See KB-1527150 - How to Export to read only Crystal Reports Format (*.rptr) format using the Crystal Rep... for more details.
- Ludek
Ludek
Thank you for your reply
The issue is nothing to do with the protection of the report or its intelectual integrity. These will all be created by our customers and presented as custom reports.
Problem here is one custom report without any secure layer to the database could present data to a users that they do not have permission to see,
I am looking for alternative approaches to securing the data either within crystal reports or at database level
As the vendor of the appliction we have a duty of care to ensure the application is secure but we will have no control on the reports that are presented to a report custom area.
With Kind Regards
Paul
User | Count |
---|---|
77 | |
9 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.