ClearQuest provides security features that can be configured
to protect access to the Report Launcher for ClearQuest and access
to run reports from the reporting server. Use the information in this
topic to learn about the network, client, and data security.
The level of access control provided for the Report Launcher for ClearQuest® is a subset of
the access control available for Rational® ClearQuest. Access control
for the Report Launcher for ClearQuest is
used for these purposes:
- Determine the pool of eligible users for the Report Launcher for
ClearQuest. Report Launcher users must have existing Rational ClearQuest accounts before they can be
granted access to the report launcher.
- Validate the user credentials during logon to the Report Launcher.
- Authenticate Report Launcher for ClearQuest users who attempt
to run reports on the report server.
You can also configure ClearQuest to provide additional security
mechanisms for network, client, and data security for the Report Launcher
for ClearQuest.
- Network security
- To provide secure access to the Report Launcher for ClearQuest
and the ClearQuest reporting data, deploy the Report Launcher by using
a secure connection (https). For information about configuring secure
sockets for ClearQuest web components, see Configuring secure connections.
- Client security
- Client security for Report Launcher for ClearQuest is implemented
by using J2EE Declarative Security. Using this approach, the Report
Launcher itself is not security aware. Access to the client is configured
through its deployment descriptor and enforced by WebSphere Application
Server. By default, the Report Launcher for ClearQuest deployment
descriptor provides these security roles to control access to the
report launcher web interface and specified report directories: Basic User, Team
Member, and Super User. These default roles can be customized
for your environment. See Configuring security for the Report Launcher and reports.
- Data security
By default, the Report Launcher for ClearQuest does not control
view access to report files that are hosted in a configured Report
Launcher directory. A user with access to the Report Launcher server
can browse the list of reports that exist in the Report Launcher directories
for that server. However, you can secure access to the report folders by
using either of the following methods:
For reporting authentication, only users authorized to
run the ClearQuest queries used by a report can run it. For example,
if a user named
user attempts to run a report that
requires access to a query in the Personal Queries folder of the
admin user.
ClearQuest generates an error message like the one shown in the following
example.
Cannot get the result set metadata. SQL statement does not return a ResultSet object.
SQL error #1: CRVAP0237E Resource 'cq.query:Personal Queries/All
Defects@7.0.0/SAMPL': not found.
- Credential storage
The Report Launcher for ClearQuest Report uses credentials
to control access to run and view reports. Crystal Reports and BIRT
both provide a mechanism for passing user credentials when a report
is run. See Using the Report Launcher for ClearQuest. If no
credentials are provided when a report is started, Crystal Reports
automatically prompts for the user credentials of the target data
source. BIRT reports can also be designed to prompt for user credentials,
but this capability must be configured in the report design. Credentials
are temporarily stored on the server during the session and are discarded
when the session ends. See Passing credentials to BIRT reports at run time.