FAQs - Security Overview

JReport employs a two-step process for delivering a secure reporting environment: authentication and authorization.

Authentication establishes that the user has permission to access the JReport Enterprise Server. Authentication is accomplished directly through JReport or through an external system which can pass authentication data to JReport.

Authorization establishes the resources that can be accessed and the actions that can be performed by an authenticated user. Available resources include folders, report templates, and report results or versions. Available actions include viewing, modifying, deleting, scheduling, and deploying reports.

JReport offers three methods for implementing security: 

1) Built-in Security

a) Built-in user/role and permission management system.

b) User/role, resource & action permission information can be stored in a built-in HSQL database or other database.

2) Synchronization with external source

a) LDAP, MS Active Directory, Lotus Domino, and Novell Directory Server supported for user/role authentication.

b) JReport Enterprise Server will grant or deny access based on external server identification of user name and password.

c) JReport Enterprise Server can synchronize with external server manually or automatically.

3) Security API

a) Management of users/roles and permissions outside of the JReport Enterprise Server.

b) Used if users/groups are not stored in LDAP or Active Directory (ex: database or web service) OR customers wants to maintain all security settings within one security center.

c) Allows for seamless integration of JReport Security within existing security system.

Back to Top