Downloadable Permission Reports
Copyright © 2019 EarthSoft, Inc • Modified: 31 May 2019
To provide an easier way to be able to review all applicable permissions granted or denied to a user or role, there are two downloadable reports that contain the specific and effective permissions granted or denied to a user or role, and the specific permissions that have been granted or denied on an object or object type. These two downloadable reports are the User Permissions Report and the Object Permissions Report.
The User Permission Report is a downloadable Excel file that contains the permission granted or denied to a specified user or role. It mimics what is shown in the permissions grid on the User Profile and Role Profile editor windows. The report consists of an Excel workbook with multiple worksheets. The first worksheet, called "Report Info", is an overview of the report including report run time, run by, which user the permission is for, and what report parameters were used. The remaining worksheets contain the permissions for the specified user or role. The worksheets are separated by object type similar to the permission grid, and the spreadsheet columns and rows will be the same as on the permissions grid, using the same icons.
If the user is an administrator, the report will list all objects and object types. If not, the report will only list the objects and object types for which the user has been granted at least viewer permission.
The Object Permission Report is a downloadable, Excel file that contains the permission granted or denied on a specified object. The report consists of an Excel workbook with multiple worksheets. The first worksheet, called "Report Info", is an overview of the report including report run time, run by, which object the permissions are for, and what report parameters were used. The two remaining worksheets show the permissions on the object for Users and Roles, respectively. The format of the Users and Roles worksheets is similar to the permission grid, but instead of the rows listing objects with the associated permissions, the rows list users and roles with the associated permissions for the report's specified object.
If the user is an administrator, the report will list all users and roles. If not, the report will only list the logged on user and any roles to which that user is a member.
Both of these reports are EQuIS class reports that are created from a supporting report assembly, EarthSoft.Reports.Library.97403.dll. This assembly will be installed with Enterprise 7 in the ../bin/ folder. To enable the reports in Enterprise, do the following:
1.Publish the reports – The two reports from the EarthSoft.Reports.Library.97403.dll assembly will need to be published to the database before they will work. Publishing can be achieved with EQuIS Professional. To publish using EQuIS Professional, follow the steps here.
2.Grant appropriate permissions – Once the report has been published to the EQuIS database, users who do not already have permission to view the general report type will need to have at least Viewer permission granted to them for each of the two above mentioned reports. The permission has to be granted to these reports specifically. Granting any permission to a new report created from these reports will not enable the download links in the application.
Links to download the report have been added directly to Enterprise. These links will only appear if the reports have been enabled (reports deployed and appropriate permissions given) for the user. These download links are located in the following places in Enterprise 7.
User Permissions Report: A download button has been added to the Permissions section of the User Profile which can be accessed by administrators from the User Manager Widget or the current logged on user's profile linked to from the dashboard header.
Clicking on this download button will run the report and download the report in the browser. The report will be the permissions to the user open in the User Profile. If the user is not an administrator and is accessing his own user profile, the report will only show the effective permissions on objects that user has at least view permission. It will be the same as the permissions grid displayed for that user.
Object Permission Report: Download links with the icon have been added to a new column on the permissions grid located on either the User Profile or the Role Profile Editor. Clicking on this download link icon will run the report and download it in the browser. The report will be the permissions granted or denied to users and roles on the EQuIS Enterprise object specified in that row of the permissions grid. If the user is not an administrator and is accessing the download link from the permissions grid on that user's User Profile, the report will only show permissions on the specified object effectively granted to that user and only to roles to which that user is a member.
The reports can be run and downloaded like any other EQuIS report with the EZView Widget including running from an EQuIS Information Agent (EIA). To run from an EIA, a new user report will need to be created from either of the main reports. The following report parameters can be set.
User Permissions Report Parameters:
User or Role ID: The user or role for whom to see the permissions. If the logged on user is an administrator, all users and roles will be displayed. If the user is not an administrator, only their own user and only roles to which they belong will be displayed.
Filter/Object Type: Selecting one of more items from this list will limit the types of objects and the permissions that the user has on those objects.
Filter/Hide Null Objects: Setting this to yes will cause the report to not include objects that the user has not been granted or denied any permission.
Filter/Search Text: The report will only include objects with a name or attribute similar to the entered search text. This works the same as the search box on the permissions grid.
Object Permission Report Parameters:
Object Type: To select an Object ID, one of the items from this list must be selected.
Object ID: The EQuIS Enterprise object or object type (dashboard, report, facility, etc.) on which to see which users and roles have been granted or denied permissions. If the logged on user is an administrator, the list will include all objects of the specified "Object Type". If not, the list will only include those objects to which the user has been granted at least View permission.
Filter/Search Text: The report will only include users or roles with a name or attribute (such as email) similar to the entered search text.
If the report has been published to the database and either the assembly has been included in the database or the assembly has been copied to the EQuIS Professional install directory, the report can be run like any other EQuIS report. However, some parameters may not be able to be set and/or the report may not output any results, unless the EQuIS Professional user connects to a facility with an EQuIS Enterprise user.