Report Builder Security

Another agreement on this issue. All Report Builder
Development is done thru our IT department.

A few "trusted users" have access to Report Builder,
but I've setup .prl libraries for their use.

Report Builder is an open book to your database.

--- Thad Jacobs <tjacobs@...> wrote:

> I Agree. Keep report writing to one person, or one
> dedicated department.
>
> Thaddeus
>
> -----Original Message-----
> From: Winter, Patrick
> [mailto:pjw@...]
> Sent: Thursday, February 21, 2002 10:55 AM
> To: 'vantage@yahoogroups.com'
> Subject: RE: [Vantage] Report Builder Security
>
>
> Another option is to keep all report builder design
> and change work in the
> IT dept. You can design reports with bad joins,
> filters, etc.. which would
> report false data, run very slow, chew up server
> processor time, etc... I
> think its more effective/efficient for a company to
> have one goto person.
>
> Patrick
>
> -----Original Message-----
> From: Thad Jacobs [mailto:tjacobs@...]
> Sent: Thursday, February 21, 2002 12:48 PM
> To: 'vantage@yahoogroups.com'
> Subject: RE: [Vantage] Report Builder Security
>
>
> There are three options.
>
> 1 - create a test database that has less sensitive
> data / has the sensitive
> data changed or removed.
> 2 - Honor system
> 3 - set up progress permissions (which would require
> every vantage user to
> login twice). I don't know how to do this, and hear
> its more trouble than
> its worth.
>
> If you want to use crystal instead, and are on
> progress vantage 5.1/progress
> 9.1C, there is a more convenient way to set up SQL
> permissions so that ODBC
> users only have access to certain tables. Vantage
> support informed me of
> this option, though we haven't implemented it yet
> because we're still on
> 3.0.
>
> Sorry I couldn't be of more help, but Vantage does
> not inherently posess a
> user-friendly, flexible means of managing report
> builder You can secure
> reports so that only certain users can see them, but
> report writers pretty
> much have, by default, unfettered read access to the
> DB.
>
> Thaddeus
>
> -----Original Message-----
> From: hebarna [mailto:hbarna@...]
> Sent: Thursday, February 21, 2002 9:23 AM
> To: vantage@yahoogroups.com
> Subject: [Vantage] Report Builder Security
>
>
> Just wondering what people were doing regarding the
> issue of security
> and Report Builder, we are starting to train users
> to use Report
> Builder, but don't want everyone to have access to
> all tables. Is
> there some way around this, everyone tells me no,
> but this isn't an
> acceptable answer for some. If there is no way to
> restrict access, is
> there an alternatve?
>
> Any input would be greatly appreciated.
>
> Thanks,
>
> Helen Barna
> Niven Marketing
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are:
> ( Note: You must have
> already linked your email address to a yahoo id to
> enable access. )
> (1) To access the Files Section of our Yahoo!Group
> for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage
> services goto:
> http://groups.yahoo.com/group/vantage/links
>
> Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
>
>
> Useful links for the Yahoo!Groups Vantage Board are:
> ( Note: You must have
> already linked your email address to a yahoo id to
> enable access. )
> (1) To access the Files Section of our Yahoo!Group
> for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage
> services goto:
> http://groups.yahoo.com/group/vantage/links
>
> Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are:
> ( Note: You must have
> already linked your email address to a yahoo id to
> enable access. )
> (1) To access the Files Section of our Yahoo!Group
> for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage
> services goto:
> http://groups.yahoo.com/group/vantage/links
>
> Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
>
>
> ------------------------ Yahoo! Groups Sponsor
>
> Useful links for the Yahoo!Groups Vantage Board are:
> ( Note: You must have already linked your email
> address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group
> for Report Builder and Crystal Reports and other
> 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage
> services goto:
> http://groups.yahoo.com/group/vantage/links
>
> Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
>
>

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com

De Anna,
in response to your question some weeks back

> how do you handle security for Report Builder? I have spoken to Epicor

about

> security and I have not liked the response.

I've spent a considerable amount of time researching the Vantage / Progress
/ Report Builder security issues, and after prodding Vantage Support for a
while, I have finally found the appropriate documents for locking things
down so users can print reports, but not modify them, and locking things
down further on the progress side to prevent users with the progress client
from reading or tampering with the Database. The security is contingent
upon two things

1. NT Permissions
2. The fact that workstations are secured so that users don't have their own
copy of Report Builder, or other progress database browsing tool on their
own workstation, or any of the common downloadable NT hacking tools.


The documents were
- Securing Vantage with NT Permissions, which is on ERANET
- securing reportbuilder,
- couple of e-mails from Steve Graham, director of Epicor tech support.

Though I wouldn't guarantee that this eliminates every possible security
risk, it does put the security on the shoulders of so-called "C2 Compliant"
NT Permissions, which is good enough for us.

If anyone is interested in making the printing of reportbuilder reports more
available, but are concerned with the security issues, let me know, and I
can post these documents in a single zip file on the files section.

Best Regards,

Thaddeus Jacobs
Assistant LAN Technologist / Vantage Support
Kinematic Automation, Inc
mailto:tjacobs@...

>Original Message

I was wondering how everyone handles giving users access to custom reports?
We have a lot of custom reports. I find it tedious to add them to Vantage.
It also makes the report menu very long. Is there any other options short
of letting them run reports directly from Report Builder. Also how do you
handle security for Report Builder? I have spoken to Epicor about security
and I have not liked the response.

Thanks,

De Anna Godfrey
V.P.
McNeal Enterprises, Inc.
408.922.7290 x14
fax 408.922.0728

Is there a way to secure databases or tables in Report Builder so that
employees cannot extract information from Payroll or the General Ledger?
Any information will be appreciated.

Regards,
Karen

At 02:05 PM 6/21/2001 -0700, you wrote:

>Is there a way to secure databases or tables in Report Builder so that
>employees cannot extract information from Payroll or the General Ledger?

Nope. Nada. None. SOL.

Actually, I'm told the P.R. tables aren't accessible - some DB trickery
prevents normal reads from happening. (We don't have PR, so can't say 1st
hand.) But other employee data is wide open in the EmpBasic and LaborDtl
tables. Nothing hides the GL data.

Granting access to the Report Builder grants access to any and all data
that that person can find and extract. All data security in Vantage is
done via the client software, so anyone with a tool to read a Progress DB
can read nearly all the data. The worst being ODBC, which even allows
WRITE access to your DB on the majority of the tables, via tools like MS
Access. I know we have WAY too many computer literate folks here to depend
on that style of Security Via Obscurity.

I hear Vantage 5 fixes this somewhat, but can't confirm that personally.

The only solution I know of is to setup each Report Builder report with its
own menu item, to be run only. That's a bit of a PITA, but is how I handle
it here.

-Wayne

You don't have to worry about securing payroll data in Report Builder,
because it's encrypted. You can get some data from the payroll tables, but
relating anything to the employee master file (the only way you'll get
important information like their name) isn't possible. In order to get the
relationship to work, you have to go to Financial Management / Payroll /
Master File Maintenance / Employee Results Link and create links to
employees. Even with this link created, Report Builder won't do it. The
only way I've been able to get at the data is Results (not pretty but it
gets the job done) or the Export Utility, although I think the Export
Utility works whether you've created the Results link or not.

Jon Hellebuyck
Stremel Manufacturing
-----Original Message-----
From:
sentto-20369-21884-993167556-jhellebuyck=stremel.com@...
[mailto:sentto-20369-21884-993167556-jhellebuyck=stremel.com@...
.com]On Behalf Of Karen Brodniak
Sent: Thursday, June 21, 2001 4:06 PM
To: Vantage Group (E-mail)
Subject: [Vantage] Report Builder Security


Is there a way to secure databases or tables in Report Builder so that
employees cannot extract information from Payroll or the General Ledger?
Any information will be appreciated.

Regards,
Karen


Yahoo! Groups Sponsor



To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please go to:
http://groups.yahoo.com/group/vantage/files/. Note: You must have already
linked your email address to a yahoo id to enable access.

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



[Non-text portions of this message have been removed]

Karen;
We are on Vantage 4.0. Report Builder will NOT let you access the payroll
files and I believe this is also true, but not sure, for General Ledger.
The way I understand it, the security is done by use of some Progress tools.
To create a report that is secured by these tools requires a reporting tool
called RESULTS, which is part of Progress. As the IS Manager you can
control who has RESULTS.

Hope this helps.

Warren R. Eddy
Information Services Manager
National Tube Form, LLC
Phone: (219) 478-2363 ext 217
Fax: (219) 478-1043
Warren.Eddy@...

-----Original Message-----
From: Karen Brodniak [mailto:karen.brodniak@...]
Sent: Thursday, June 21, 2001 4:06 PM
To: Vantage Group (E-mail)
Subject: [Vantage] Report Builder Security

Is there a way to secure databases or tables in Report Builder so that
employees cannot extract information from Payroll or the General Ledger?
Any information will be appreciated.

Regards,
Karen


To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please go to:
http://groups.yahoo.com/group/vantage/files/. Note: You must have already
linked your email address to a yahoo id to enable access.

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

I have used the export utility to get payroll information, but you have to
be logged in with payroll access on your account.

-----Original Message-----
From: Eddy, Warren [mailto:warren.eddy@...]
Sent: Friday, June 22, 2001 8:55 AM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] Report Builder Security


Karen;
We are on Vantage 4.0. Report Builder will NOT let you access the payroll
files and I believe this is also true, but not sure, for General Ledger.
The way I understand it, the security is done by use of some Progress tools.
To create a report that is secured by these tools requires a reporting tool
called RESULTS, which is part of Progress. As the IS Manager you can
control who has RESULTS.

Hope this helps.

Warren R. Eddy
Information Services Manager
National Tube Form, LLC
Phone: (219) 478-2363 ext 217
Fax: (219) 478-1043
Warren.Eddy@...

-----Original Message-----
From: Karen Brodniak [mailto:karen.brodniak@...]
Sent: Thursday, June 21, 2001 4:06 PM
To: Vantage Group (E-mail)
Subject: [Vantage] Report Builder Security

Is there a way to secure databases or tables in Report Builder so that
employees cannot extract information from Payroll or the General Ledger?
Any information will be appreciated.

Regards,
Karen


To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please go to:
http://groups.yahoo.com/group/vantage/files/. Note: You must have already
linked your email address to a yahoo id to enable access.

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please go to:
http://groups.yahoo.com/group/vantage/files/. Note: You must have already
linked your email address to a yahoo id to enable access.

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Karen,

The payroll table is encrypted, but all the other tables are wide open for
anyone with report builder, unless you secure the tables individually, for
which you'd have to reference the Database Admin Guide, which can be found
at http://www.progress.com/v9/documentation/start.htm

We've elected not to do this, because it would require every user to log
into Vantage twice, and my suspicion is that it could create headaches if
the wrong tables are locked down.

It is possible to allow users to print RB reports but not edit them, simply
by changing permissions on prorb32.exe (the editor) and still making
prore32.exe (the printer) available.

Once a user has report builder edit access, they can see everything but
payroll.

Our solution for this is setting up a test database that reports are written
against. This can be a copy of the live database, with sensitive data
stripped out, or a manual reconstruction of your database. Using the test
database shipped with Vantage can be useful, but it is far easier to
construct reports when workcenters, product codes, the Schema, and
everything else in the database matches your own.
Using a standalone workstation prevents the reportbuilder on the test DB
from looking at the real DB.

Please let me know if you have any more questions.

Best Regards,

Thaddeus Jacobs
Assistant LAN Technologist / Vantage Support
Kinematic Automation, Inc
mailto:tjacobs@...






-----Original Message-----
From: Eddy, Warren [mailto:warren.eddy@...]
Sent: Friday, June 22, 2001 8:55 AM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] Report Builder Security


Karen;
We are on Vantage 4.0. Report Builder will NOT let you access the payroll
files and I believe this is also true, but not sure, for General Ledger.
The way I understand it, the security is done by use of some Progress tools.
To create a report that is secured by these tools requires a reporting tool
called RESULTS, which is part of Progress. As the IS Manager you can
control who has RESULTS.

Hope this helps.

Warren R. Eddy
Information Services Manager
National Tube Form, LLC
Phone: (219) 478-2363 ext 217
Fax: (219) 478-1043
Warren.Eddy@...

-----Original Message-----
From: Karen Brodniak [mailto:karen.brodniak@...]
Sent: Thursday, June 21, 2001 4:06 PM
To: Vantage Group (E-mail)
Subject: [Vantage] Report Builder Security

Is there a way to secure databases or tables in Report Builder so that
employees cannot extract information from Payroll or the General Ledger?
Any information will be appreciated.

Regards,
Karen


To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please go to:
http://groups.yahoo.com/group/vantage/files/. Note: You must have already
linked your email address to a yahoo id to enable access.

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please go to:
http://groups.yahoo.com/group/vantage/files/. Note: You must have already
linked your email address to a yahoo id to enable access.

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Just wondering what people were doing regarding the issue of security
and Report Builder, we are starting to train users to use Report
Builder, but don't want everyone to have access to all tables. Is
there some way around this, everyone tells me no, but this isn't an
acceptable answer for some. If there is no way to restrict access, is
there an alternatve?

Any input would be greatly appreciated.

Thanks,

Helen Barna
Niven Marketing

There are three options.

1 - create a test database that has less sensitive data / has the sensitive
data changed or removed.
2 - Honor system
3 - set up progress permissions (which would require every vantage user to
login twice). I don't know how to do this, and hear its more trouble than
its worth.

If you want to use crystal instead, and are on progress vantage 5.1/progress
9.1C, there is a more convenient way to set up SQL permissions so that ODBC
users only have access to certain tables. Vantage support informed me of
this option, though we haven't implemented it yet because we're still on
3.0.

Sorry I couldn't be of more help, but Vantage does not inherently posess a
user-friendly, flexible means of managing report builder You can secure
reports so that only certain users can see them, but report writers pretty
much have, by default, unfettered read access to the DB.

Thaddeus

-----Original Message-----
From: hebarna [mailto:hbarna@...]
Sent: Thursday, February 21, 2002 9:23 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Report Builder Security


Just wondering what people were doing regarding the issue of security
and Report Builder, we are starting to train users to use Report
Builder, but don't want everyone to have access to all tables. Is
there some way around this, everyone tells me no, but this isn't an
acceptable answer for some. If there is no way to restrict access, is
there an alternatve?

Any input would be greatly appreciated.

Thanks,

Helen Barna
Niven Marketing



Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Another option is to keep all report builder design and change work in the
IT dept. You can design reports with bad joins, filters, etc.. which would
report false data, run very slow, chew up server processor time, etc... I
think its more effective/efficient for a company to have one goto person.

Patrick

-----Original Message-----
From: Thad Jacobs [mailto:tjacobs@...]
Sent: Thursday, February 21, 2002 12:48 PM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] Report Builder Security


There are three options.

1 - create a test database that has less sensitive data / has the sensitive
data changed or removed.
2 - Honor system
3 - set up progress permissions (which would require every vantage user to
login twice). I don't know how to do this, and hear its more trouble than
its worth.

If you want to use crystal instead, and are on progress vantage 5.1/progress
9.1C, there is a more convenient way to set up SQL permissions so that ODBC
users only have access to certain tables. Vantage support informed me of
this option, though we haven't implemented it yet because we're still on
3.0.

Sorry I couldn't be of more help, but Vantage does not inherently posess a
user-friendly, flexible means of managing report builder You can secure
reports so that only certain users can see them, but report writers pretty
much have, by default, unfettered read access to the DB.

Thaddeus

-----Original Message-----
From: hebarna [mailto:hbarna@...]
Sent: Thursday, February 21, 2002 9:23 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Report Builder Security


Just wondering what people were doing regarding the issue of security
and Report Builder, we are starting to train users to use Report
Builder, but don't want everyone to have access to all tables. Is
there some way around this, everyone tells me no, but this isn't an
acceptable answer for some. If there is no way to restrict access, is
there an alternatve?

Any input would be greatly appreciated.

Thanks,

Helen Barna
Niven Marketing



Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/


Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

I Agree. Keep report writing to one person, or one dedicated department.

Thaddeus

-----Original Message-----
From: Winter, Patrick [mailto:pjw@...]
Sent: Thursday, February 21, 2002 10:55 AM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] Report Builder Security


Another option is to keep all report builder design and change work in the
IT dept. You can design reports with bad joins, filters, etc.. which would
report false data, run very slow, chew up server processor time, etc... I
think its more effective/efficient for a company to have one goto person.

Patrick

-----Original Message-----
From: Thad Jacobs [mailto:tjacobs@...]
Sent: Thursday, February 21, 2002 12:48 PM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] Report Builder Security


There are three options.

1 - create a test database that has less sensitive data / has the sensitive
data changed or removed.
2 - Honor system
3 - set up progress permissions (which would require every vantage user to
login twice). I don't know how to do this, and hear its more trouble than
its worth.

If you want to use crystal instead, and are on progress vantage 5.1/progress
9.1C, there is a more convenient way to set up SQL permissions so that ODBC
users only have access to certain tables. Vantage support informed me of
this option, though we haven't implemented it yet because we're still on
3.0.

Sorry I couldn't be of more help, but Vantage does not inherently posess a
user-friendly, flexible means of managing report builder You can secure
reports so that only certain users can see them, but report writers pretty
much have, by default, unfettered read access to the DB.

Thaddeus

-----Original Message-----
From: hebarna [mailto:hbarna@...]
Sent: Thursday, February 21, 2002 9:23 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Report Builder Security


Just wondering what people were doing regarding the issue of security
and Report Builder, we are starting to train users to use Report
Builder, but don't want everyone to have access to all tables. Is
there some way around this, everyone tells me no, but this isn't an
acceptable answer for some. If there is no way to restrict access, is
there an alternatve?

Any input would be greatly appreciated.

Thanks,

Helen Barna
Niven Marketing



Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/


Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/



Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/