The following code snippets are fully functional XML security files for Zoola Domains. As explained in the Manager View Case Study, XML Security files allow you to add an extra layer of security to a Domain, tying information from the viewer's user profile to the table rows of the information in the Domain. This form of security would enable a Manager to only see the data of users they manage (tying the User ID of the viewer profile to the Manager ID of the user profiles in the Report/View drawn from the Domain).

The following code snippets can be used in the same manner as the Manager View (for a walkthrough on adding a security file to a Domain, see Case Study: Creating a Manager View).

Group ID (groupids) 

For both Moodle and Totara—secures the Group ID from the viewer profile to the Group IDs in the Domain, so that a viewer only sees data from members of their group. 

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!--Row level for groups -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['groupids'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_groups.id,'groupids')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 

User ID (userid)

For both Moodle and Totara—secures the User ID of the viewer profile to the User IDs in the Domain, so that a viewer only sees their own data.

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!--Row level for the viewer's own user ID -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['userid'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_user.id,'userid')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 

Organization ID (orgids)

For Totara—secures the Org ID of the viewer profile to the Org IDs in the Domain, so that a viewer only sees data from their own organization. 

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!--Row level for organisations -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['orgids'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_org.id,'orgids')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

Enrolled Course ID (enrolled_courseids)

For both Moodle and Totara—secures the Enrolled Course ID from the viewer profile to the Enrolled Course IDs in the Domain, so that a viewer only sees the data of courses in which they have a role other than student (teacher, manager, assessor, etc). Note that this is the unique value of the enrolled_courseid attribute.

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!--Row level for enrolled courses -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['enrolled_courseids'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_course.id,'enrolled_courseids')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 

Position ID (positionid)

For Totara—secures the Primary Position ID from the viewer profile to the Primary Position IDs in the Domain, so that a viewer only sees the data of other users with a matching position.

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!--Row level for primary positions -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['primary_positionid'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_pos_assignment.positionid,'primary_positionid')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>

 

 

Manager ID (managerid) - as used in the Manager View Case Study

For Totara—secures the User ID of the viewer profile to the Manager IDs in the Domain, so that a viewer only sees the data of users they manage (in which the viewer User ID exists as the Manager ID of a user).

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <!--Row level security -->
      <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
        <resourceAccessGrants>
          <!--Row level for managed users -->
            <resourceAccessGrant id="Jointree_1_row_access_grant_20">
              <principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['userid'] }]]></principalExpression>
              <filterExpression>testProfileAttribute(mdl_pos_assignment.managerid,'userid')</filterExpression>
            </resourceAccessGrant>
        </resourceAccessGrants>
      </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>
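
In every file above, the principalExpression selects viewers who have a given profile attribute and the filterExpression tests a Domain column against that same attribute. The following check is an added example (not part of the original page or of Zoola/Jaspersoft tooling): it parses a security file and reports any grant whose row filter tests a profile attribute the grant does not select on, a mistake that is easy to make when adapting one snippet into another. The function name, the template and the faulty variant are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"sl": "http://www.jaspersoft.com/2007/SL/XMLSchema"}
PRINCIPAL_ATTRS = re.compile(r"it\.attrName\s+in\s+\[([^\]]*)\]")
FILTER_CALL = re.compile(r"testProfileAttribute\(\s*([\w.]+)\s*,\s*'([^']+)'\s*\)")

def audit_security_file(xml_text):
    """Return one finding dict per resourceAccessGrant in a Domain security file."""
    root = ET.fromstring(xml_text)
    findings = []
    for grant in root.iterfind(".//sl:resourceAccessGrant", NS):
        principal = grant.findtext("sl:principalExpression", default="", namespaces=NS)
        row_filter = grant.findtext("sl:filterExpression", default="", namespaces=NS)
        gated = set()  # profile attributes the grant selects viewers on
        for group in PRINCIPAL_ATTRS.findall(principal):
            gated.update(re.findall(r"'([^']+)'", group))
        tested = FILTER_CALL.findall(row_filter)  # [(column, attribute), ...]
        problems = [] if tested else ["no testProfileAttribute() row filter"]
        for column, attr in tested:
            if attr not in gated:
                problems.append(f"filter on {column} tests '{attr}' but grant applies to {sorted(gated)}")
        findings.append({"id": grant.get("id"), "columns": [c for c, _ in tested], "problems": problems})
    return findings

# Constructed template with the same structure as the security files on this page.
TEMPLATE = """<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
  <resourceAccessGrants>
    <resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
      <resourceAccessGrants>
        <resourceAccessGrant id="Jointree_1_row_access_grant_20">
          <principalExpression><![CDATA[authentication.principal.attributes.any{{it.attrName in ['{gate}'] }}]]></principalExpression>
          <filterExpression>testProfileAttribute({column},'{attr}')</filterExpression>
        </resourceAccessGrant>
      </resourceAccessGrants>
    </resourceAccessGrantList>
  </resourceAccessGrants>
</securityDefinition>"""

MANAGER_VIEW = TEMPLATE.format(gate="userid", column="mdl_pos_assignment.managerid", attr="userid")
MISMATCHED = TEMPLATE.format(gate="groupids", column="mdl_user.id", attr="userid")  # constructed faulty file
```
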