The following code snippets are fully functional XML security files for Zoola Domains. As explained in the Manager View Case Study, XML security files allow you to add an extra layer of data security to a Domain or Data Source, tying information from the report viewer's user profile to the report and auto-filtering the table rows of information in the Domain.

For example, this form of data security could enable a Manager to only see the data of users they manage (tying the User ID of the viewer profile Manager to the Manager ID of the user profiles in the Report/View drawn from the Domain).

The following code snippets can be used in the same manner as the Manager View (for a walkthrough on adding a security file to a Domain, see Case Study: Creating a Manager View).

 

 

Group ID (groupids) 

For both Moodle and Totara—secures the Group ID from the viewer profile to the Group IDs in the Domain, so that a viewer only sees data from members of their group. 

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!-- Row level for groups: keep rows whose mdl_groups.id matches the viewer's 'groupids' profile attribute -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['groupids'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_groups.id,'groupids')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 

User ID (userid)

For both Moodle and Totara—secures the User ID of the viewer profile to the User IDs in the Domain, so that a viewer only sees their own data.

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!-- Row level for users: keep rows whose mdl_user.id matches the viewer's 'userid' profile attribute -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['userid'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_user.id,'userid')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 

Organization ID (orgids)

For Totara—secures the Org ID of the viewer profile to the Org IDs in the Domain, so that a viewer only sees data from their own organization. 

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!--Row level for organisations -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['orgids'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_org.id,'orgids')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

Enrolled Course ID (enrolled_courseids)

For both Moodle and Totara—secures the Enrolled Course ID from the viewer profile to the Enrolled Course IDs in the Domain, so that a viewer only sees the data of courses in which they have a role other than student (teacher, manager, assessor, etc). Note that this is the unique value of the enrolled_courseid attribute.

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!-- Row level for courses: keep rows whose mdl_course.id matches the viewer's 'enrolled_courseids' profile attribute -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['enrolled_courseids'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_course.id,'enrolled_courseids')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 

Position ID (positionid)

For Totara—secures the Primary Position ID from the viewer profile to the Primary Position IDs in the Domain, so that a viewer only sees the data of other users with a matching position.

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!-- Row level for positions: keep rows whose mdl_pos_assignment.positionid matches the viewer's 'primary_positionid' profile attribute -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['primary_positionid'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_pos_assignment.positionid,'primary_positionid')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 

Manager ID (managerid) - as used in the Manager View Case Study

For Totara—secures the User ID of the viewer profile to the Manager IDs in the Domain, so that a viewer only sees the data of users they manage (in which the viewer User ID exists as the Manager ID of a user).

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!--Row level for organisations -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['userid'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_pos_assignment.managerid,'userid')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 


To Upload a Data Source Security File

To add the security file to the Data Source, complete the following steps:

 

  1. From the Repository, edit a Data Source by right-clicking it and selecting Edit from the context menu.

  2. From the Edit Data Source page, click the Add Security File link from below the Optional Information header. The Add Security File window opens.

  3. Ensure that the Upload a Local File option is selected.

  4. Click the Choose File button to open a browser of your local drive.

  5. Select your security XML file and click Open. The name of your security file will now display next to the Choose File button.

  6. Click the Select button to upload the security file.  

  7. Once the file is uploaded, it will display in the Optional Information column in the Security File section. You can return to it in the future to edit or remove the file by clicking Change or Remove, as needed.

  8. To save your changes to the Data Source, click the Submit button.
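A security file can be checked offline before it is uploaded with the steps above. The following Python sketch is an added example, not part of Zoola or Jaspersoft: it verifies that the file is well-formed and in the expected namespace, that grant ids are unique, and that every profile attribute read by `testProfileAttribute` is one the grant's `principalExpression` requires the viewer to hold. It assumes files shaped like the ones on this page; `lint_security_file`, `TEMPLATE` and the mismatched sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SL = "{http://www.jaspersoft.com/2007/SL/XMLSchema}"
ATTR_LIST = re.compile(r"it\.attrName\s+in\s+\[([^\]]*)\]")
FILTER_CALL = re.compile(r"testProfileAttribute\(\s*[\w.]+\s*,\s*'([^']+)'\s*\)")

# Same structure as the page's files; the three %s slots are filled below.
TEMPLATE = """<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
      <resourceAccessGrants>
        <resourceAccessGrant id="Jointree_1_row_access_grant_20">
          <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['%s'] }]]></principalExpression>
          <filterExpression>testProfileAttribute(%s,'%s')</filterExpression>
        </resourceAccessGrant>
      </resourceAccessGrants>
    </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>"""
MANAGER_FILE = TEMPLATE % ("userid", "mdl_pos_assignment.managerid", "userid")  # the page's Manager ID file
MISMATCHED_FILE = TEMPLATE % ("userid", "mdl_org.id", "orgids")  # constructed: filter reads another attribute

def lint_security_file(xml_text):
    """Return a list of findings; an empty list means no problem was found."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != SL + "securityDefinition":
        return ["root is not securityDefinition in the Jaspersoft SL namespace"]
    findings, seen = [], set()
    for grant in root.iter(SL + "resourceAccessGrant"):
        gid = grant.get("id", "<no id>")
        if gid in seen:
            findings.append(f"{gid}: duplicate grant id")
        seen.add(gid)
        principal = (grant.findtext(SL + "principalExpression") or "").strip()
        row_filter = (grant.findtext(SL + "filterExpression") or "").strip()
        if not principal or not row_filter:
            findings.append(f"{gid}: principalExpression or filterExpression is missing")
            continue
        listed = ATTR_LIST.search(principal)
        required = set(re.findall(r"'([^']+)'", listed.group(1))) if listed else set()
        # Every attribute the row filter reads must be one the grant requires the viewer to hold.
        for attr in sorted(set(FILTER_CALL.findall(row_filter)) - required):
            findings.append(f"{gid}: filter reads '{attr}' not required by principalExpression")
    if not seen:
        findings.append("no resourceAccessGrant elements found")
    return findings
```

An empty result for a file means the checks passed; a mismatch finding means the row filter could be evaluated for a viewer who lacks the attribute it reads.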

  

Additional XML Examples

To download from our library of XML files, please visit our Dropbox folder here:

https://www.dropbox.com/sh/6z85sso6ikf82kl/AAA-FVcpl7x2lVB4V0hyn--Wa?dl=0&lst= 

User Profile Fields Available For Data Source Security

User ID

For both Moodle and Totara—you may use the User ID from the viewer profile to auto-filter the report to only show data for that user.

Department ID
For both Moodle and Totara—you may use the Department ID from the viewer profile to auto-filter the report to only show users who belong to the same Department.

Institution ID
For both Moodle and Totara—you may use the Institution ID from the viewer profile to auto-filter the report to only show users who belong to the same Institution.

Custom User Profile Field
For both Moodle and Totara—you may use a Custom User Profile field from the viewer profile to auto-filter the report to only show data that matches the values in those user profile fields.

Group ID
For both Moodle and Totara—you may use the Group ID from the viewer profile to auto-filter the report to only show users who belong to the same Group.

 

Cohort / Audience ID
For both Moodle and Totara—you may use the Cohort / Audience ID from the viewer profile to auto-filter the report to only show users who belong to the same Cohort / Audience.

Enrolled Course ID
For both Moodle and Totara—you may use the Enrolled Course ID(s) from the viewer profile to auto-filter the report to only show the users in those courses. Note: This is only available to Manager roles.

Organization ID
For Totara—you may use the Organization ID from the viewer profile to auto-filter the report to only show users who belong to the same Organization.

Position ID
For Totara—you may use the Position ID from the viewer profile to auto-filter the report to only show users who belong to the same Position.

Organization ID and Position ID
For Totara—you may combine the Organization ID and Position ID from the viewer profile to auto-filter the report to only show users who belong to the same Organization and Position.

Manager ID
For Totara—you may use the Manager ID from the viewer profile to auto-filter the report to only show users who report to the Manager.

Current Course ID
For both Moodle and Totara—you may use a Course ID from the Course page in the LMS to auto-filter the report to only show data that matches the Course.