Downloadable Permission Reports
Copyright © 2019 EarthSoft, Inc • Modified: 05 Mar 2019
In order to provide an easier way to be able to review all applicable permissions granted or denied to a user or role, there are two downloadable reports that contain the specific and effective permissions granted or denied to a user or role, and the specific permissions that have been granted or denied on an Enterprise object or object type. There are two types of downloadable reports, the User Permissions Report and the Object Permissions Report.
The User Permission Report is a downloadable Excel file that contains the permission granted or denied to a specified user or role. It mimics what is shown in the permissions grid on the Enterprise User Profile and Role Profile Editor. The report consists of an Excel workbook with multiple worksheets. The first worksheet, "Report Info", is an overview of the report including report run time, run by, which user the permission is for, and what report parameters were used. The remaining worksheets contain the permissions for the specified user or role. The worksheets are separated by object type similar to the permission grid, and the spreadsheet columns and rows will be the same as on the permissions grid, using the same icons.
If the logged-on user is an administrator, the report will list all objects and object types. If not, it will only list the objects and object types on which the user has been granted at least view permission.
The Object Permission Report is a downloadable Excel file that contains the permission granted or denied on a specified object. The report consists of an Excel workbook with multiple worksheets. The first worksheet, "Report Info", is an overview of the report including report run time, run by, which object the permissions are on, and what report parameters were used. The two remaining worksheets show the permissions on the object for first, Users, and second, Roles. The format of the Users and Roles spreadsheets is similar to the permission grid, but instead of the rows listing objects of the associated permissions, the rows list users and roles with the associated permissions for the report's specified object.
If the logged-on user is an administrator, the report will list all users and roles. If not, it will only list the logged on user and any roles to which that user is a member.
Both of these reports are EQuIS class reports that are created from a supporting report assembly, EarthSoft.Reports.Library.97403.dll. This assembly will be installed with Enterprise in the ../bin/ folder. To enable the reports in Enterprise, do the following:
1.Publish the reports: The two reports from the EarthSoft.Reports.Library.97403.dll assembly will need to be published to the database before they will work. Publishing can be done by publishing with EQuIS Professional or with Enterprise Manager.
a.To publish using EQuIS Professional, follow the steps here under the Publish Report from Report Publisher section.
b.To publish using Enterprise Manager:
i.Run Enterprise Manager from the Start menu (All Programs > EarthSoft > EQuIS Enterprise > EQuIS Enterprise Manager).
ii.Connect to a database.
iii.Click the Publish Report button and follow Step 3 here under the Publish Report from Report Publisher section.
iv.Click Yes to the query, "Import Reports?".
2.Grant appropriate permissions: Once the report has been published to the database, users who do not already have permission to view the general report type will need to have at least the View permission granted to them for each of the two above mentioned reports. The permission has to be granted to these reports specifically. Granting any permission to a new report created from these reports will not enable the download links in the application.
Links to download the report have been added directly into Enterprise. These links will only appear if the reports have been enabled (reports deployed and appropriate permissions given) for the logged on user. These download links are located in the following places in Enterprise.
User Permissions Report: A download button has been added to the Permissions section of the User Profile, which can be accessed by administrators from the User Manager Widget or the current logged on user's profile linked to from the Enterprise dashboard header.
Click on this download button to run the report and download it in the browser. The report will be the permissions to the user open in the User Profile. If the user is not an administrator and is accessing his own user profile, the report will only show the effective permissions on objects that user has at least view permission. It will be the same as the permissions grid displayed for that user.
Another download button has been added to the Permissions section of the Role Profile Editor, which can be accessed by administrators from the Role Manager Widget.
Object Permission Report: Download links with the icon have been added to a new column on the permissions grid located on either the User Profile or the Role Profile Editor. Click on this download link icon to run the report and download it in the browser. The report will be the permissions granted or denied to users and roles on the EQuIS Enterprise object specified in that row of the permissions grid. If the user is not an administrator and is accessing the download link from the permissions grid on that user's User Profile, the report will only show permissions on the specified object effectively granted to that user and only to roles to which that user is a member.
The reports can be run and downloaded like any other EQuIS report with the EZView Widget, including running from an EQuIS Information Agent (EIA). To run from an EIA, a new user (pick) report will need to be created from either of the main reports. The following report parameters can be set.
User Permissions Report Parameters
User or Role ID: The user or role for who will see the permissions. If the logged on user is an administrator, all users and roles will be displayed. If the user is not an administrator, only their own user and only roles to which they belong will be displayed.
Filter/Object Type: Selecting one of more items from this list will limit the types of objects and the permissions that the user has on those objects.
Filter/Hide Null Objects: Setting this to yes will cause the report to not include objects that the user has not been granted or denied any permission.
Filter/Search Text: The report will only include objects with a name or attribute similar to the entered search text. This works the same as the search box on the permissions grid.
Object Permission Report Parameters
Object Type: To select an Object ID, one of the items from this list must be selected.
Object ID: The EQuIS Enterprise object or object type (dashboard, report, facility, etc.) on which to see which users and roles have been granted or denied permissions. If the logged on user is an administrator, the list will include all objects of the specified "Object Type". If not, the list will only include those objects to which the user has been granted at least View permission.
Filter/Search Text: The report will only include users or roles with a name or attribute (such as email) similar to the entered search text.
If the report has been published to the database and either the assembly has been included in the database or the assembly has been copied to the EQuIS Professional install directory, the report can be run like any other EQuIS report. However, some parameters may not be able to be set and/or the report may not output any results, unless the EQuIS Professional user connects to a facility with an EQuIS Enterprise user.