Security consideration - Crystal Report in IFS Enterprise Explorer¶
This page contains a step by step guide on taking the required steps to ensure that a Crystal Report that is to be used within IFS Cloud as a Quick Report doesn't accidentally gives the end user access to data he or she isn't supposed to get access to.
Make the CR_WEB_INIT procedure in the CRYSTAL_WEB_UTIL_API package a data source in the report.
You'll find it under the appowner schema (i.e. IFSAPP as default), in the Qualifiers section.
Press the Next button. You will now be presented with a parameter value dialog, where you are requested to specify a value for the IFS_WEB_USER_ parameter. Just click ok, without specifying any value.
Create a link between the OBJVERSION field in the table which is the main entry point of the report to the OBJVERSION column in the CR_WEB_INIT table. You do this with drag operation. The linking should be done in such a way so that the link is from the CR_WEB_INIT procedure to the table.
When the link is created, you need to change the link option. Do this through the RMB option on the link. You should set the link type to "not equals" (i.e. "!="), like the shown in the image below.
When set, click the OK button. It's likely that you will be presented with a warning like the one below, that's perfectly alright.
- Finally you need to add the OBJVERSION field to the report. To make sure the CR_WEB_INIT procedure is executed before any other queries the OBJVERSION field needs to be added to the first header of the report.
To prevent the OBJVERSION value from being showed in the report, do RMB "Format Field" and suppress it. It will still serve it's purpose of triggering the CR_WEB_INIT procedure and ensure that all other queries to the database is executed in the context of the actual end user.