Reporting upgrade information

Reporting upgrade information for the Geneva release. Review this information to ensure users retain access to reports.

In Fuji, the logic behind how sys_report ACLs were applied changed. If you upgrade from a release before Fuji to Fuji or later without the Report Security - enforce access control checks plugin enabled, changes in report access may occur. For example, users without the admin role may lose read access to reports because of security constraints.

Because the Report Security plugin overrides ACL customizations, it is not enabled by default upon upgrade. You must enable it manually.

Follow these steps to enable the plugin. You can enable it before or after upgrade.
  1. Activate the Report Security (com.glideapp.report_security) plugin on a sub-production instance and test to ensure activation does not cause changes to existing reporting functionality.
  2. After testing is completed, activate the plugin in production.

If changes in reporting functionality persist after you activate the plugin, this may be because ACLs were improperly updated because of customizations. Manually update your sys_report ACLs to comply with the ACLs below.

sys_report create ACL
var userID = current.user.toString();
var answer = false;
var isMe = gs.getUserID() == userID;
var isGlobal = userID == "GLOBAL";

if (gs.hasRole('report_admin'))
   answer = true;
else if (isGlobal)
   answer = gs.hasRole('report_global');
else if (current.user == 'group')
   answer = gs.hasRole('report_group');
else
   answer = gs.hasRole(current.roles);

	
function isGroup(){
	var grpList = gs.getUser().getMyGroups();          
    var myGrps = '';
    for (var i = 0; i != grpList.size(); i++) {
		if (i != 0) myGrps += ',';
        myGrps += grpList.get(i);
    }
	
	var myUserId = gs.getUserID();
	var gr = new GlideRecord('sys_report_users_groups');
	gr.addQuery('report_id', current.getUniqueValue());
	var qc = gr.addQuery('user_id', myUserId);
	if (myGrps != '')
        qc.addOrCondition('group_id', 'IN', myGrps);  
	gr.query();
	if (gr.getRowCount() > 0)
		return true;	
    return false;
}
sys_report delete ACL
var answer = false;
var userID = current.user.toString();
var isMe = gs.getUserID() == userID;
var isGlobal = userID == "GLOBAL";

if (isMe || gs.hasRole('report_admin'))
   answer = true;
else if (isGlobal)
   answer = gs.hasRole('report_global');
else if (isGroup())
   answer = gs.hasRole('report_group');

function isGroup() {
	var reportUserId = current.user.toString();  
    if (reportUserId != "group"){
        return false;
    }
	
	var grpList = gs.getUser().getMyGroups();          
    var myGrps = '';
    for (var i = 0; i != grpList.size(); i++) {
		if (i != 0) myGrps += ',';
        myGrps += grpList.get(i);
    }
	
	var myUserId = gs.getUserID();
	var gr = new GlideRecord('sys_report_users_groups');
	gr.addQuery('report_id', current.getUniqueValue());
	var qc = gr.addQuery('user_id', myUserId);
	if (myGrps != '')
        qc.addOrCondition('group_id', 'IN', myGrps);  
	gr.query();
	if (gr.getRowCount() > 0)
		return true;	
    return false;
    
}
sys_report read ACL
answer = false;
var userID = current.user.toString();

var isUser = gs.getUserID() == userID;
if (isUser) {
	answer = true; // my own report
} else {
	var isGlobal = userID == "GLOBAL";
	if (isGlobal)
    	answer = gs.hasRole(current.roles);
	else
		answer = isGroup();
}

function isGroup() {
    var reportUserId = current.user.toString();
	if (reportUserId != "group"){
        return false;
    }
	
    var myUserId = gs.getUserID();
    var grpList = gs.getUser().getMyGroups();          
    var myGrps = '';
    for (var i = 0; i != grpList.size(); i++) {
		if (i != 0) myGrps += ',';
        myGrps += grpList.get(i);
    }
	
    var gr = new GlideRecord('sys_report_users_groups');
    gr.addQuery('report_id', current.getUniqueValue());
	var qc = gr.addQuery('user_id', myUserId);
	if (myGrps != '')
        qc.addOrCondition('group_id', 'IN', myGrps);
    gr.query();
    if (gr.getRowCount() > 0)
		return true;
    
	return false;
}
sys_report write ACL
var answer = false;
var userID = current.user.toString();
var isMe = gs.getUserID() == userID;
var isGlobal = userID == "GLOBAL";


if (isMe || gs.hasRole('report_admin'))
   answer = true;
else if (isGlobal)
   answer = gs.hasRole('report_global');
else if (isGroup())
   answer = gs.hasRole('report_group');

function isGroup(){
    var reportUserId = current.user.toString();  
    if (reportUserId != "group"){
        return false;
    }
	
	var grpList = gs.getUser().getMyGroups();          
    var myGrps = '';
    for (var i = 0; i != grpList.size(); i++) {
		if (i != 0) myGrps += ',';
        myGrps += grpList.get(i);
    }
	
	var myUserId = gs.getUserID();
	var gr = new GlideRecord('sys_report_users_groups');
	gr.addQuery('report_id', current.getUniqueValue());
	var qc = gr.addQuery('user_id', myUserId);
	if (myGrps != '')
        qc.addOrCondition('group_id', 'IN', myGrps);  
	gr.query();
	if (gr.getRowCount() > 0)
		return true;	
    return false;
}