Skip to main content

Report security

Reports allow a variety of users to access a wide range of data in very different ways. This is a strength of the product, but also requires advanced data security to make sure that your users cannot access sensitive data. When setting up your reports, you can add filters to determine how your users can view and interact with your data. We provide additional security and guardrails to make sure your report data is secure and your users only see what they're supposed to see.

There are two types of parameters in a report: pick list parameters and non-pick list parameters. We secure these in the following ways:

  • Pick list parameters - When the pick list value displays in the URL, our software includes an additional validation that checks to make sure that any value coming from the URL is included in the list of values for that pick list and allowed for the current web user. This validation also takes into account cascading pick lists, where the selection of one pick list can filter the list of values in a second pick list, and so on. If the value coming from the URL is not valid and is not included in the list for the pick list, the pick list is set to its configured default. If the default value isn't valid (which can happen for cascading pick lists) the pick list will be set to empty.

  • Non-pick list parameters - Our software includes an optional setting to store links as secure tokens. This allows us to validate that the web user and associated parameters are a valid combination. This extra validation is turned ON by default for new reports.

    Important

    If you choose to turn this setting OFF, make sure you follow best practices for securing your reports.

Best practices to build web user restrictions in Presenter Adaptive reports

Follow these best practices to create web user restrictions in Presenter Adaptive reports.

Important

To secure your reports, your model must include a reporting hierarchy calculation. This defines the web user to payee relationship for report visibility.

  1. In the Payee table, duplicate the PayeeID column and make it a non-key column.

    Note

    Varicent changes values to uppercase when importing into a key field. Make sure your duplicate PayeeID column is also uppercase so that the Payee IDs match exactly.

  2. Create a data store that includes your reporting hierarchy calculation and the non-key copy of the PayeeID.

    1. In the Composer module, from the Palette tab, drag the Data Store object onto the canvas.

    2. Type a unique name for the data store and click Save.

    3. Add your calculation and the non-key copy of the PayeeID as data sources.

  3. For each report that needs security, create a stored value from the non-key copy of the PayeeID, based on the web user and selected parameters:

    1. From the Reports module, select a report.

    2. Click the Values icon (Values icon).

    3. Click the + Add drop-down, and then click Add stored value.

    4. Enter a name for the stored value and select a source (the source will be the calculation from step 2).

    5. In the column field, select your non-key PayeeID column.

      Note

      This is why we created the non-key copy in step 1. A field that is part of the key to the data store can't be used as a stored value.

    6. Set the WebUser field to Current web user.

    7. Set any additional parameters based on the pick lists available in your report.

  4. For every object in your report that needs data security, add a filter that compares the payee the data references with the Payee stored value:

    1. Click on the section of the report where you are adding security.

    2. Click the Filters tab.

    3. Click + Add filter.

    4. When setting up your filter, match to the stored value you created in step 3.

Best practices to build web user restrictions in Presenter Structured reports

Follow these best practices to create web user restrictions in Presenter Structured reports.

Important

To secure your reports, your model must include a reporting hierarchy calculation. This defines the web user to payee relationship for report visibility.

  1. In the Composer module, create a connection between the Presenter Structured report where you want to add security and report your reporting hierarchy calculation.

  2. Open the Presenter Structured report where you want to add security.

  3. Create a stored value that uses your reporting hierarchy calculation as a source:

    1. On the Values field, click the more options menu (...), and then click Add value.

    2. Make sure Stored is selected to create a stored value.

    3. Name your value.

    4. In the source field, select the reporting hierarchy calculation you connected to your report in step 1.

    5. Set the PayeeID field to correspond to the Web User.

    6. Set any additional parameters based on the pick lists available in your report.

    7. Click Finish.

  4. For every object in your report that needs data security, add a restriction that compares the payee the data references with the stored value:

    1. Expand the Sources field.

    2. Click the more options menu (...) on the data source you want to restrict and click Edit.

    3. Add the stored value you created in step 3 as a data source.

    4. Click the Restrictions tab.

    5. Set a global restriction that states that your stored value is Not Empty.

      Tip

      You can get more specific by setting this restriction to a number. This restricts access based on the payee's level in the organization's hierarchy structure (determined by your reporting hierarchy calculation). For most uses cases, setting this restriction to Not Empty is the most efficient way to add security.

Enabling report security for non-pick list parameters

You have the option to enable report security for your reports. This security encrypts non-pick list parameters using a secure token and sets an expiry on report links.

Warning

This settings is turned ON by default for all new reports. We recommend you keep this setting turned ON to make sure your reports are secure and cannot be accessed by unauthorized users. If you choose to turn this setting OFF, make sure to follow best practices for securing your reports against the web user. See, Best practices to build web user restrictions in Presenter Adaptive reports and Best practices to build web user restrictions in Presenter Structured reports.

  1. In the Reports module, open the report where you want to apply report security.

  2. Click the Report options icon (Settings icon).

  3. Under Report security, enable the Secure report toggle.

    Note

    This secures your report by encrypting the parameters using a token. It also sets an expiry on report links. When linking to a report from another report, a lock icon displays next to the report name to inform you that the report has security enabled.

  4. Click Save.