User can access table, but can't report on table

John Diaz · ‎08-09-2017

I have a user that has access to the cmdb_ci tables - read, write, create.... but when they go to try to run a report on the table, it doesn't show in the list. I went through all the ACLs, and there is nothing in there that would stop from from reading the data. Any ideas of what I could be missing? They also have all necessary roles to create and run their own reports.

I've tried to create a report myself, and share it with him. In that case, he can see the report and all the data, but it says 'due to security restraints, the report is read only' and he can't edit the report at all.

John Diaz · ‎08-09-2017

So i found the issue.

We had a report_on ACL on the * table (global) that was set to report_admin role. There were then report_on ACLs on Incident and Task tables that were set to itil. So this is why he was able to report on those tables (which is all he needed so far).

I created report_on ACLs set to the asset role on both the alm_asset and cmdb_ci tables, and now he can report on what he needs to.

Thank you everyone!

View solution in original post

Harsh Vardhan · ‎08-09-2017

7 Reporting Roles

By default, the following roles can access reports.

Notes:

Users must have the itil role to see the Reports module on the application navigator (left navigation pane).
Users with any reporting role or the itil role can access the following report options for all reports that are visible to them: Insert, Insert and Stay, and Export to PDF.
In the table below, the term manage indicates access to the following report options: Update, Delete, Sharing, and Export settings.

Role title [name]	Description
report administrator [report_admin]	Can manage, publish, and schedule all reports. Can access Reports >Administration and manage all report-related objects. The report_admin role inherts all other report roles.
itil [itil]	Can access Reports on the application navigator. Can manage reports listed in My reports.
global report user [report_global]	Can manage reports that are shared with everyone (listed in Global).
group report user [report_group]	Can manage reports that are shared with groups the user belongs to (listed in Group).
report publisher [report_publisher]	Can Publish reports that they can manage. Publishing a report creates public a link to that report. Users with this role must also have another role that grants permission to create and edit reports.
report scheduler [report_scheduler]	Can Schedule emailing of all reports that they can see, including reports they cannot manage. Users with this role must also have another role that grants permission to create and edit reports.
gauge maker [gauge_maker]	Can create gauges from reports and charts. Can add gauges to homepages with the Add to Dashboard option.

have you checked is there any report_on acl has configured on cmdb_ci table? what roles he has?

John Diaz · ‎08-09-2017

So i found the issue.

We had a report_on ACL on the * table (global) that was set to report_admin role. There were then report_on ACLs on Incident and Task tables that were set to itil. So this is why he was able to report on those tables (which is all he needed so far).

I created report_on ACLs set to the asset role on both the alm_asset and cmdb_ci tables, and now he can report on what he needs to.

Thank you everyone!

shruti_tyagi · ‎08-09-2017

Hi John,

For your first question: User can see report on cmdb_ci, could you please verify if this report is directly on table or its on DB view?

Shruti

John Diaz · ‎08-09-2017

The user was able to see a report that i created directly from the cmdb_ci table... but wasn't able to edit it