Required rights for using reports
Not all users can view, edit, and deploy reports. Users must have the correct rights assigned in Role-based administration. Because report editing involves accessing the database, any user with Edit rights must be qualified to edit the database. You can also set up user credentials with read-only database rights if there are users that you want to run reports but not edit them.
Role-based administration and reports
Role-based administration includes Reporting rights that determine which users can view, run, modify, schedule, and create reports. In the User management tool, when you create or edit a role you can enable or disable the following reporting permissions.
- No rights: Can't open the designer.
- Edit: Can open the designer and create or edit reports.
- No rights: Can't see the tool.
- View: Can see this tool and can view reports. Can run reports. Can't change anything.
- Edit: Can see reports and change report properties. This right alone doesn't allow access to the designer; the Report designer edit right is required to access the designer.
- Deploy: Can schedule and publish reports.
- Edit public: Can move reports into the Public group.
User database rights for reports
The report designer is a powerful tool that should be used with discretion. Users who have Edit rights for the report designer can access any portion of the database and can execute any SQL commands on that data, so you should make sure users with this right are qualified to manage the database. Data could be lost or corrupted if a user executes SQL commands that modify data.
The Reports tool accesses the database with the user credentials that were specified during product setup. These credentials can be managed in the Configure Ivanti software services dialog box (Configure > Services, General tab). If you prefer to set up different credentials for the users who have reports rights, you can create a second set of credentials for reporting database access.
For example, if you want report users to have read-only access to the database, you can create a database user account with read-only access. You would then enter that user account as the Reporting database user in the Configure Ivanti software services dialog box.
NOTE: If you're using an Oracle database and create a read-only reporting user, you'll need to create a public synonym for every table that will be referenced in reports by that user.