Controlling access to reports

2 minute read time.

The security features in Sage CRM extend to cover the internal CRM reporting engine. If a user can not see the data in the screen then they will not be able to see the data in the reports. The main security profile settings apply and so do the field level security settings.

But how can we stop people seeing reports that they are not entitled to view? For example, a manager may not wish other users to know that they are analysing a particular part of the business.

Guarding access to reports comes in different ways. The first and most obvious is that we can decide not to give a user the rights to see reports at all. This setting is controlled with thin the individual user screen under

Administration -> Users -> Users -> [User's Name]

The field "Reports" can be set to different values.

If Set to No Reports, the user has no access to the Reports button. If the Personal,or Enterprise option is selected, the user can see, run, and edit any database stored report unless it is marked as private.

A user with rights to create a report can always create it as a private report which means that other people can't see it to run it.

There is another way of guarding access to reports and this is the Report Category.






These report categories are created as Tab entries on the System Menu called ReportsTabGroup.

You can find this in the administration area

Administration -> Advanced Customization -> System Menus

The fact that the report categories are implemented as Tabs means that the categories are brought under the security mechanisms just like any other tab.

For example here we can use SQL tab clauses to look at the details of the user to decide whether the category can be seen by them.

You will notice that the "System Usage" report category is only available to system administrators because of the SQL clause

user_per_admin=3

Note:

Values in user_per_admin can be set to:

user_per_admin = 0, No admin rights
user_per_admin = 1, Info Admin rights
user_per_admin = 3, System Administrator

Our ability to access the fields within the user tables means that we can control access to categories based on the role of a user. We can even include reference to custom fields added to the user table.