Scan your instance for reports that users would be unable to view
based on existing access control lists (ACLs).
About this task
The assessment scan returns a list of affected reports. A
report is affected if a user has seen the report who would not be able to see it
based on a report_view ACL or blocking READ ACL, in the case of reports based on
tables without report_view ACLs.
The time the assessment scan takes can vary according to the number of records in the
instance. Consider running the assessment over night. Also consider filtering the
reports that the assessment applies to. For more information, see Filter report assessment scans.
Procedure
-
Elevate your role to security_admin.
-
Navigate to .
-
Select Run Assessment Scan.
The assessment scan can take a long time on instances with many reports. You
can choose to view partial results while the scan is in progress, or select
View Result when the scan is complete. When the scan
is complete, a message shows who ran the assessment and the start and stop time
of the
assessment.
Note: The
scan calculates the number of executions of each affected report. If the
property
sn_report_acl.run_scan_based_on_report_execution_only
is false, the Total Executions column in the Impacted
Reports list is always empty, and
process_reports_executed_within_X_days_ago is
ignored.
- Optional:
If the affected reports list is empty, navigate to
report_executions.list.
-
If this table is empty, there are no ACL issues.
-
If the report_executions.list has entries,
change the system property
sn_report_acl.run_scan_based_on_report_execution_only
to false and run the scan again.
This time, the scan shows all the affected reports, not only those
reports that have been executed. The second scan often takes longer to
run.
-
Navigate to to view the list of impacted reports.
The Impacted Reports list shows the reports affected by ACLs.