Restrict report creation with an ACL rule

Create an access control list rule to restrict who can create a report on a table, data source, or database view.

Before you begin

Requires role: security_admin

About this task

In addition to report_on ACLs for specific tables, a write ACL on the [sys_report] table controls write access for all reports. If this ACL prevents you from saving the current report, the Save button in the report builder or report designer is disabled. For example, when you view a report that another user shared with you. If you have the correct security settings, click Save > Insert to save an editable copy of the report.

For more information on ACLs, see Access control rules.

Procedure

  1. Navigate to System Security > Access Control (ACL).
  2. Add an access control record with the following information:
    OptionDescription
    Type record
    Operation report_on
    Name (table) <select the table name>
  3. Define the rules that determine whether a user can create a report against the table.
    If a user does not have report_on access for a table, the table does not appear in the Table field when the user creates a report. Data sources based on tables for which a user does not pass the report_on ACL do not appear in the Data Source choice list in the Report Builder and Report Designer. To restrict one or more users from seeing a data source in the Report Source choice list, create a new read ACL on the [sys_report_source] table that excludes those users.
    Note:
    • Users can view and run reports on tables even if they cannot create reports due to report_on ACL restrictions.
    • System tables are not reportable by default. To allow reporting against system tables, administrators can configure the glide.ui.permitted_tables property. To learn more, see Reporting on system tables.
    • The ACL report_on operation grants the right to report on the target table.
    • Database views have their own ACLs. If a user has report_on rights to all the tables in a database view, they still require report_on rights on the view to create reports on it. See Database views.