A correction has been made to this blog regarding Simple Owner Security to state “if AdHocContext.SchedulerExecuting is true.”
Users today expect reports to be delivered to their inboxes while developers must ensure that those reports apply the same security as on the web. Izenda provides a few different mechanisms to support secure scheduling.
Simple Owner Security
The most basic email security applies the report owner’s security. To implement this, add code to your AdHocConfig.PreExecuteReportSet() that looks at the Report.Owner and uses that to apply hidden filters if AdHocContext.SchedulerExecuting is true. With smartphones and mobile devices now able to render rich HTML, embedding reports into email is one of the most common use cases.
Single-Field Single-DB Multi-Tenant Security
For SaaS environments where multiple customers share a single database partitioned via a single tenant field, Izenda provides a AdHocSettings.TenantField property which automatically applies a hidden filter to all reports based on the TenantID of the owner. The process works like this:
- User logs in and AdHocSettings.CurrentUserTenantID is provided in PostLogin().
- AdHocSettings.TenantField is set to the name of the field that stores the TenantID in AdHocConfig.ConfigureSettings()
- When a user saves a report, the ReportSet.OwnerTenantID gets saved.
- When scheduler runs, it also knows the AdHocSettings.TenantField n AdHocConfig.ConfigureSettings() and applies a hidden filter to this field based on the ReportSet.OwnerTenantID of the report.
- The report is sent out based on data in the owner’s tenant.
Multi-Field or Multi-DB Security
If you’re already an Izenda customer, contact your account manager and they’ll bring in the appropriate technical staff. If you’re not an Izenda customer, why not request a demo and see what Izenda can do for you?