How to check which users have the report create role

Paul Bayani · ‎01-09-2020

How to check which user has the create report permission.

When I check the report_user role, the "Users" tab is blank so I'm assuming no one in the instance can create a report. But upon doing some random checking with few HR agents, there are some who can actually create a report.

So not sure what I'm missing here.

Kiel Sanders · ‎01-10-2020

Yes, that's expected if you are not on New York and also if you're experiencing someone with sn_hr_core.basic not being able to create reports. You can find all of the roles that allow the creation of reports by looking at the ACLs for create on sys_report. Below are the defaults you should see.

If you're still looking to identify why some users are able to create reports, look for these roles on the sys_user_has_role table. You should notice the users you tested with will appear with these role filters applied.

View solution in original post

Mrman · ‎01-09-2020

Hi Paul,

HR Reports can be created by the HR agents with sn_hr_core.basic role.

This is the reason you are seeing some agents able to create reports.

'report_user' is Global role granted to users .

Paul Bayani · ‎01-10-2020

Hi Shankar, where did you get this screenshot from?

Kiel Sanders · ‎01-09-2020

@Paul Bayani

You're correct that the User related list should show this, or you could look directly at the sys_user_has_role table.

You're probably best looking at the ACLs for sys_report to confirm what roles have been given create access to the sys_report table. There are several additional roles that allow the creation of reports other than report_user. My guess is that the few HR agents you tested have access to create reports through an additional role. You can then look at the sys_user_has_role table once you've identified all roles that have reporting access.

Paul Bayani · ‎01-10-2020

Hi Kiel,

On the sys_user_role_has table, if you could please expound how this table can be of help? Thanks in advance