Profitbase InVision Access Control

Profitbase InVision Access Control is a module that provides a workbook for managing user mapping to roles with access to solution items and data items.

1        Functions, limitations and recommendations

The concept for access control in Profitbase Invision are based on roles: Roles can be solution or data roles with access to solution items and data items respectively. By associating users with one or more roles the user will get access to the solution and data items that the role(s) got access to.

Access Control module covers the following functions related to manage user access for InVision Solutions:

  • Add and remove users
  • Add and remove user access to roles

What is not covered by this solution and hence needs to be managed using the built-in functions in Profitbase InVision Designer:

  • Create new and remove roles
  • Add and remove role access to solution items such as workbooks
  • Add and remove role access to data items such as an organization hierarchy

Each installation needs to be set up with solution roles and data roles such that:

  • Solutions roles exists with access to Workbooks
  • Data roles exists with access to data items

It is strongly recommended to separate roles in solution roles and data roles because these are independent. The only exception to this is typical administrator groups that will have access to “everything”.

This way there will be a conscious granularity for the solution items and data items that is required when setting access. It is recommended to create a solution role for each Workbook and a role for a sufficient set of data items – items in an organizational hierarchy. This solution is anticipating elements from one hierarchy.

2        Using Access Control

Here is a few typical tasks involved with managing user access.

The picture below shows the main screen for managing access. The left is a filter to select users. Selected Users will appear under the Show Users. Likewise, there is a filter for selecting roles where selected roles will be listed in Show Roles.

When selecting roles with users selected a role count will be updated to show the number of roles that the use has access to of the selected roles.

To the far right you can see the details on which access is set for the selected roles.

In the middle there is a column with buttons:

Show Users Selected Only – this will ensure that only selected users will be present in “Show Users” table

Show Users with Access to Selected Roles – this will show the users that have access to the roles selected. This button and the button above will toggle the content in Show Users between selected users only and users with access to selected roles.

The next pair of buttons toggles which roles are shown in Show Roles.
Show Roles Selected Only – shows only the roles selected in the tick-box filter.
Show roles for Selected Users – shows the roles that the selected users have access to.

Set Access for Selected Users and Roles – this will create the mapping between selected users and selected roles. This mapping is what will provide the selected users access to the solution and data items that the selected roles got access to.

Remove Access for Selected Users and Roles – this will remove the mapping between selected users and selected roles.

Note: Access is changed only for users and roles that are selected by “ticking” the users and roles in their respective filters. This is not necessarily the same set shown in “Show Users” and “Show Roles”.

Publish – this will deploy all access changes done in Access Control.

Note: Access changes will not have any effect until Publish is completed.

Add / Remove Users – this is the place to add new users and remove users. When removing users, the role mapping will also be removed.

Below is a description of some central workflows to users access management.

Add a new user:

  1. Click Add / Remove Users to bring up the popup where you can add users
  2. Right-click and select “Insert row” and fill in as shown below
  3. Save any changes (also when deleting users)
  4. Close and Reload Users for new users to appear in the filter to the left.

Note: The content in UserID column is critical be get correct and depend on which solution is used for authenticating users: Azure Active Directory or Active Directory (AD). In case of AD the UserID must be the SID (looks like: S-1-5-21-839522115-920026266-725395543-3303). If it is Azure AD it is likely to be the UPN (Unique Principal Name) which often is equal to the email address. This is however configurable for each installation. Getting this wrong will cause users to not get access.

Set (and remove) access:

  1. Select the user(s) to get access
  2. Select the role(s)
  3. Push “Set Access for Selected Users and Roles”. This will present a confirmation popup for you to inspect the settings before confirming or canceling the operation. The table will also show is the role is providing access to data and/or solution items. You will also be able to see if the user(s) already got access through the role.
  4. Push “Confirm” for the access changes to be saved to Access Control. Use Cancel or the X to close the popup.
  5. Publish the access changes to the system for changes to be effective. During publishing, notifications on progress will be posted to your screen and buttons will be disabled during the process.

Removing access is performed the same way except that you use the button: “Remove Access for Selected Users and Roles”.

Note: Setting access to users that already have access will not do any harm but will be ignored. Likewise removing access for non-existing access will have no effect.

The page titled “Show Access” will help you to investigate which users has access to selected solution and data items. For example, selecting the Finance Reports workbook will show the users and which roles have access (see picture below).

Similar for data items when selecting the department “Bergen”, the Users, roles and accesss rule will show.

Access Control should be helpful managing user access. Please contact Profitbase if you need more help.

Remember that if you find that there are solution items or data items missing due to lack of roles, these are easily added using the designer. Profitbase should be consulted to ensure that such changes does not conflict with existing set of roles being used.

InVision 2.7.0 released!

InVision 2.7 marks the beginning of a series of releases that will focus on making the platform cloud native. Although InVision runs fine in the cloud today, we can do even better. We aim to integrate closer with cloud platforms  and services, and utilize cloud features smarter to provide better solutions to our customers. It is important to note that even though we’ll focus on cloud platform features, we will still support on-premise solutions 100%, and all features will be available on both configurations.
As a side note, this release contains 11 new features and 7 fixes or enhancements :)

Continue reading

InVision 2.6.1 released!

InVision 2.6.1 introduces 23 new features and enhancements. The most interesting new feature in this release is probably the support for macros in SQL Reports and SQL Scripts. Macros enables you to use C# to dynamically generate SQL queries at runtime, before they are executed. You no longer need to concat a string using SQL and then execute it using sp_executesql. For details about how to use macros, you should read this blog post, which goes into details on the subject.

Continue reading

InVision 2.6 Released

Hello world! The focus for version 2.6 has been about improving filtering capabilities and adding support Form Schemas, which provides a new way to build complex data entry forms.

Form Schemas enable you to quickly create complex data entry forms. While it is possible to create forms in previous versions of InVision, it is inflexible and too time consuming because each Form Element is an isolated entity with its own load, save and validation logic. With Form Schemas, you can create complex forms with automatic data persistence, validation, custom calculations and business logic, styling and layout. Form Schemas are displayed in Workbooks, and have actions and events like all other Workbook component.

Continue reading

InVision 2.5.0 Released

In addition to a number of new features and enhancements, the most important change in 2.5 is a change we’ve made to the core component of the system which handles the identity of the data rows in the database. When upgrading an existing instance, the installer will automatically do all the necessary steps, but it is very important that you back up the Solution database before upgrading in case an error occurs (network, disk, etc).

Continue reading

Custom report menu links

As of build 2762 of InFront 3.2 we support creating custom links behind the gear icon on every report. The functionality is configured by entering an anchor tag <a ….. />,  or a plugin name  e.g. <mycustomlink>, on the report property called “Menu custom HTML or plugins”.

Example : The following value :

<a href=”http://www.profitbase.com”>Profitbase link</a>

Will result in a report menu looking like the following:

In the bottom of the report menu we now have a new link that on click will open a new tab in your web browser leading to the www.profitbase.com web site.

If more advanced functionality is needed including dynamic content and translation, a plugin must be defined configured into the given property