Restrict non itil users to from drill down into Reports

Dwain Bryden · ‎10-09-2018

Hi Guys,

I have create a ACL to restrict non itil users from drill down into Reports, but somehow seem to know working accordingly.

Please see, any help is appreciated. Thanks

Mark Stanger · ‎10-09-2018

Strictly speaking, there is not a way to restrict drill-down. The only thing that can actually be restricted is direct access to view the records (the actual list of records or the form).

ACLs control access to the underlying table data. List reports require the reporting user to satisfy ACLs on the target table to view records in the list. Users without sufficient permissions may see filtered list reports.

Reports that present aggregate data, such as pie or bar charts, do not require the user to satisfy target table ACLs to view the chart. These reports are not filtered due to security, though may be filtered with ACLs or before query business rules defined for the target table. ACLs are required to view the list of records when you click on a portion of a chart.

The way this works in practice is that a user can see the pie chart, bar chart, etc. They can even drill down into the 'Other' category to see a sub-section of the chart. If they ever click down far enough to actually display a list of records they will be restricted based on the ACLs in place for the rows in that table.

Please mark my response as correct if I've answered your question. Thanks!

View solution in original post

Mark Stanger · ‎10-09-2018

If a user can see a report (and the data in it) they will be able to drill down in the report. The drilldown table is simply a way of defining custom drilldown options.

Dwain Bryden · ‎10-09-2018

Thanks for the reply Mark,

So there is no way to actually restrict drill down based on defined conditions?

Mark Stanger · ‎10-09-2018

Strictly speaking, there is not a way to restrict drill-down. The only thing that can actually be restricted is direct access to view the records (the actual list of records or the form).

ACLs control access to the underlying table data. List reports require the reporting user to satisfy ACLs on the target table to view records in the list. Users without sufficient permissions may see filtered list reports.

Reports that present aggregate data, such as pie or bar charts, do not require the user to satisfy target table ACLs to view the chart. These reports are not filtered due to security, though may be filtered with ACLs or before query business rules defined for the target table. ACLs are required to view the list of records when you click on a portion of a chart.

The way this works in practice is that a user can see the pie chart, bar chart, etc. They can even drill down into the 'Other' category to see a sub-section of the chart. If they ever click down far enough to actually display a list of records they will be restricted based on the ACLs in place for the rows in that table.

Please mark my response as correct if I've answered your question. Thanks!

Rob144 · ‎04-13-2019

I'm having the opposite issue where I want a user or users to see my drilldown reports but the user is getting the message "Report visible only to a specific user or group". Weird as they can see the original report. Any ideas?