Web Intelligent/BOXI Reports appear to not obey Multi-Tenancy Setup

Document ID : KB000054018
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

A powerful new feature of Service Desk r12 is that reports obey Service Desk security, such as Data Partitions and Roles.

If a setup step is skipped, it may appear that Web Intelligence/BOXI Reports are not obeying Service Desk Roles, in particular for Multi-Tenancy. All results are returned, rather than results just for that Tenant. This is the case even though Multi-Tenancy restrictions for that Tenant are working throughout the rest of Service Desk and CMDB. That is, results are restricted to single tenants.

The Service Desk /log/stdlog may show an entry as follows:

    ODBC error: AHD04020: Login failed for userid (LOGIN_ID); no default role found for session type (5)

Where "LOGIN_ID" is the system login of the user.

Solution:

Service Desk has a special "Role" for reporting called the "Reporting Role." This is held against the Access Type and defines the Reporting security. By default, it may be set to a more open Role than may be desired, such as Administrator for a test user who includes Administrator as one of their Roles.

Be sure to follow the Service Desk Administration Guide at "Define Role-Based Reports for the Role." (p385 in the Administration Guide provided with r12.0.)

Each Access Type has a Reporting Role. Examine the Contact's Access Type and see what their Reporting Role is. If that Role has rights to see all Tenants, then their reports will show all Tenants.

In this example, the reporting role for each for role defined in the Administrator Access Type Administrator is Administrator. If the Administrator Role has access to each and every Tenant then regardless of what Role is used, all data for all Tenants will be seen when a BOXI Report is run.

Figure 1