About HCL Compass reporting security

HCL Compass provides security features that can be configured to protect access to the Report Launcher for HCL Compass and access to run reports from the reporting server. Use the information in this topic to learn about the network, client, and data security.

The level of access control provided for the Report Launcher for Compass is a subset of the access control available for HCL Compass. Access control for the Report Launcher for Compass is used for these purposes:
  • Determine the pool of eligible users for the Report Launcher for HCL Compass. Report Launcher users must have existing HCL Compass accounts before they can be granted access to the report launcher.
  • Validate the user credentials during logon to the Report Launcher.
  • Authenticate Report Launcher for HCL Compass users who attempt to run reports on the report server.
You can also configure HCL Compass to provide additional security mechanisms for network, client, and data security for the Report Launcher for Compass.
Network security
To provide secure access to the Report Launcher for HCL Compass and the Compass reporting data, deploy the Report Launcher by using a secure connection (https). For information about configuring secure sockets for HCL Compass web components, see Configuring secure connections.
Client security
Client security for Report Launcher for HCL Compass is implemented by using J2EE Declarative Security. Using this approach, the Report Launcher itself is not security aware. Access to the client is configured through its deployment descriptor and enforced by WebSphere® Application Server. By default, the Report Launcher for HCL Compass deployment descriptor provides these security roles to control access to the report launcher web interface and specified report directories: Basic User, Team Member, and Super User. These default roles can be customized for your environment. See Configuring security for the Report Launcher and reports.
Data security
By default, the Report Launcher for HCL Compass does not control view access to report files that are hosted in a configured Report Launcher directory. A user with access to the Report Launcher server can browse the list of reports that exist in the Report Launcher directories for that server. However, you can secure access to the report folders by using either of the following methods:
For reporting authentication, only users authorized to run the HCL Compass queries used by a report can run it. For example, if a user named user attempts to run a report that requires access to a query in the Personal Queries folder of the admin user. HCL Compass generates an error message like the one shown in the following example.
Cannot get the result set metadata. SQL statement does not return a ResultSet object.
SQL error #1: CRVAP0237E Resource 'cq.query:Personal Queries/All
Defects@7.0.0/SAMPL': not found.
Credential storage

The Report Launcher for HCL Compass Report uses credentials to control access to run and view reports. BIRT Reports provide a mechanism for passing user credentials when a report is run. See Using the Report Launcher for HCL Compass. BIRT reports can also be designed to prompt for user credentials, but this capability must be configured in the report design. Credentials are temporarily stored on the server during the session and are discarded when the session ends. See Passing credentials to BIRT reports at run time.