Applicable to ENA v17.0 P07 upwards
Reporting permissions for individual users are based on user group access. As an admin, you can specify:
- which user groups can access which report folders and/or individual reports.
- the level of access that user groups have to report folders and/or individual reports.
Please also see the important note below regarding adding multiple customers to the same user group
To set reporting permissions:
Reporting permissions for individual users are based on user group access. To set report permissions, navigate to the Account Management page (Main Menu > Administration > Account Management), scroll down to the Groups section and select the user group for which you want to edit permissions.
- If you want to grant members of a user group access to a report, you must also grant them the Reports Tool Permission (and if you want members to be able to create their own reports, you must grant them the Report Builder Tool permission). Flex Report permissions are also handled through Tool Permissions.
- Click Report Permissions to open the Report Permissions for [user group] window. From ENA v17.0 P08 upwards you can, in this window, specify the permissions for each system (out-of-the-box) reporting folder (and any custom report folders that you have created), as well as for individual reports within each folder. Click the permission setting to open the menu of available options:
The permission options are as follows:
Use default inherits the default report permission. No Access prevents members of the user group accessing the report (unless they are members of another group with this permission). View only members of the user group can view generated reports. View and Run members of the user group can run and view generated reports. View, Run and Schedule members of the user group can schedule, run and view generated reports. View, Run, Schedule and Edit For ENA v17.0 P07 upwards. Members of the user group can schedule, run, view and edit generated reports.
If you do not specify reporting permissions for individual reports, they will take the permission of their parent folder (Use default). Similarly, if you leave the folder to 'Use default', it will take the global permission (which can be seen at the top of the window - 'Default report permission').
Important note - if you have multiple users with different requirements (e.g. if you are an MSP with multiple customers), it is important that you create user groups on a per-user basis. This will ensure that different users/customers do not have access to reports that they should not be able to access. Please see the Example workflow section below for further help on this.
To save and share report options:
Users can save report options for both system reports and custom reports, and by default these saved versions will only be visible to the user who created them. From ENA v17.0 P07 upwards, users can share these saved report options so that they are available to other users in the same user group(s) as the user who created them.
- Navigate to and click a system report or a custom report to open its report options page.
- In the Use saved values field, select the saved report option that you want to use.
- Click Share on the right.
- This will open the Share Saved Report Options window. This contains the user groups to which the user belongs. Select which user groups you want to share the report with and move them from the Available groups column to the Shared with column. Tick the Edit box if you want to grant users in the selected group the ability to edit the saved report options.
- Click OK to save your changes, otherwise click Cancel.
Users can also specify share access whilst they are building custom reports. On the Report Builder page, expand the Sharing Options on the right of the page and specify the Group Access for each group that the user is member of. Please see the important note below regarding adding multiple customers to a user group and the implications this can have for accessing reports.
- You are the Entuity admin for an MSP, and you want to set up appropriate user accounts for three customers: Potter, Weasley and Malfoy.
- Create three user groups: 'Potters', 'Weasleys' and 'Malfoys'. Create appropriate users for each group.
- Create top-level Views relevant for each group, called 'Potter', 'Weasley' and 'Malfoy', and grant read access to the appropriate user groups, and ensure they are populated with the devices visible to the appropriate customers.
- Create three new custom report folders for each customer, called 'Potter's Reports', 'Weasley's Reports' and 'Malfoy's Reports'. Give each folder the report permission View, Run and Schedule for the appropriate user group. Create a number of custom reports in each folder that are specific to that customer (e.g. Potter Report 1, Potter Report 2, Potter Report 3, etc). Each customer does not have access to any other report folder (system folder or custom folder).
- At this point, each customer will only be able to see one report folder on their Reports page:
- Potters will only see Potter's Reports, which contains Potter Report 1, Potter Report 2, Potter Report 3.
- Weasleys will only see Weasley's Reports, which contains Weasley Report 1, Weasley Report 2, Weasley Report 3.
- Malfoys will only see Malfoy's Reports, which contains Malfoy Report 1, Malfoy Report 2, Malfoy Report 3.
- If you grant each user group the Report Builder Tool Permission, then they will be able to create their own custom reports with that folder. However, because they only have the View, Run and Schedule report permission on that folder, they cannot edit any of the custom reports (Potter Report 1, etc) within that folder.
- You then want to grant access to all system reports to the Potter customer, but only some system reports to Weasley and Malfoy:
- Select the Potters user group, and go through each system report folder and grant the View, Run and Schedule permission. Members of the Potters user group will then see all these report folders, and will be able to view, run and schedule every report in these folders (including any new reports that might be added to those folders in future patches and upgrades).
- Select the Weasleys user group, and go through individual system report folders and grant the View, Run and Schedule permissions on the appropriate folders or individual reports. Do the same for appropriate folders/reports for the Malfoys user group. Members of the Weasleys and Malfoys will only be able to see the folders in which they have permission to at least one report. They will not automatically get access to any new reports added in future patches and upgrades.
- Important note - it is crucial that you do not grant global default report permissions to any of the user groups, because this would then allow them access to all system reports and the other customers' report folders. E.g., if you granted global default report permissions to the Malfoys user group, then Malfoy will have access to all system reports, Potter reports and Weasley reports.
- When Harry (a member of the Potters user group) logs in and navigates to the Reports page, he will see any system report folders the Potters user group was granted access to, along with the Potter's Reports folder.
- If Harry goes to the report options for any of these reports to which he has access, and then saves the report options, they will only be visible to him. He can share these options with other users in the Potters user group or another user group to which he belongs, via the Share button when editing the report.
Important note regarding adding multiple customers to the same user group:
The Entuity admin must not use the same user groups containing users from more than one customer to grant different levels of access to Entuity features.
For example, if you create an 'Event Admin' user group with access to other functionality (such as Event Notification Administration and Event Suppression), and make some users from the Potters user group and the Malfoy user group members of it, then any of those users in the Event Admin user group would be able to grant access to the reports and folders they have created to the Event Admin user group. This would inadvertantly provide access to reports for customers from another customer.
- You create the Event Admin user group for other functionality.
- You add users from Potters and Malfoys.
- Harry, a Potter user, would be able to grant access to Potter's Reports to the Event Admin user group.
- This means that Draco, a Malfoy user who is also in the Event Admin user group, will then have access to Potter's Reports.
Therefore, to avoid customers inadvertantly accessing other customers' reports, Entuity recommends that user groups such as 'Event Admin' must be created on a per-customer basis.