Configuring Security for BIRT Reporting
You can add an extra measure of security to BIRT reporting by doing one or both of the following:
- Enable the Java security manager
- Limit access to tables and views in the database
Enabling Java Security Manager
To enable the Java security manager:
- Log in to Fortify Software Security Center as an administrator.
- On the Fortify header, click ADMINISTRATION.
- In the left panel, select Configuration, and then click BIRT Reports.
- On the BIRT Reports page, under Enhanced security, select the Turn on security manager check box.
Note: If you try to generate a custom report that depends on functionality that the BIRT security manager regards as unsafe, the report generation might fail.
- Click SAVE.
(Linux with OpenJDK only) Installing Required Fonts
If Fortify Software Security Center is installed on a Linux system and you are running OpenJDK, you must install the fontconfig library, DejaVu Sans fonts, and DejaVu Serif fonts on the server so that users can generate reports. Otherwise, report generation will fail. You can download these fonts from https://github.com/dejavu-fonts/dejavu-fonts.
Creating a Database Account for Reporting
To limit write access to tables and views in the database:
- Create a database user account to use exclusively for BIRT reporting, and grant it only the minimum permissions required to generate reports.
- For the new user account, enable read (only) access to the following tables and views:
  Tables:
    activity, activitycomment, activityinstance, attr, auditattachment, auditcomment,
    catpackexternalcategory, catpackexternallist, catpacklookup, datablob, documentinfo, eventlogentry,
    filterset, folder, foldercountcache, issuecache, measurement, measurementhistory,
    metadef, metadef_t, metaoption, metaoption_t, metavalue, projecttemplate,
    requirement, requirementcomment, requirementinstance, requirementtemplate,
    requirementtemplatecomment, requirementtemplateinstance,
    sdlhistory, sourcefile, snapshot, userpreference, variable, variablehistory
  Views:
    attrlookupview, auditvalueview, baseissueview, defaultissueview,
    metadefview, metaoptionview, ruleview, view_standards
- Log in to Fortify Software Security Center as an administrator.
- On the Fortify header, click ADMINISTRATION.
- In the left panel, select Configuration, and then click BIRT Reports.
  Fortify Software Security Center displays the BIRT Reports page.
- In the DB Username and DB Password boxes, type the credentials for the database account that has read-only database access.
- To test the database user account's access to the database, click TEST CONNECTION.
- Click SAVE.
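A least-privilege check for the reporting account described above, as an added example that is not from the Fortify documentation: it generates SELECT-only grants for the listed tables and views and audits `SHOW GRANTS` output for anything beyond them. MySQL grant syntax, the schema name `ssc_db`, the account name `birt_report`, the table `not_listed_table` and the sample lines are assumptions constructed for illustration.

```python
import re

# Tables and views listed above for the reporting account.
TABLES = """activity activitycomment activityinstance attr auditattachment
auditcomment catpackexternalcategory catpackexternallist catpacklookup datablob
documentinfo eventlogentry filterset folder foldercountcache issuecache
measurement measurementhistory metadef metadef_t metaoption metaoption_t
metavalue projecttemplate requirement requirementcomment requirementinstance
requirementtemplate requirementtemplatecomment requirementtemplateinstance
sdlhistory sourcefile snapshot userpreference variable variablehistory""".split()
VIEWS = """attrlookupview auditvalueview baseissueview defaultissueview
metadefview metaoptionview ruleview view_standards""".split()
ALLOWED = set(TABLES) | set(VIEWS)

# Constructed SHOW GRANTS output for a hypothetical account (not real data).
SAMPLE = [
    "GRANT USAGE ON *.* TO `birt_report`@`%`",
    "GRANT SELECT ON `ssc_db`.`issuecache` TO `birt_report`@`%`",
    "GRANT SELECT, INSERT ON `ssc_db`.`auditcomment` TO `birt_report`@`%`",
    "GRANT SELECT ON `ssc_db`.`not_listed_table` TO `birt_report`@`%`",
]

def grant_statements(schema, account):
    """Emit one SELECT-only grant per listed object (MySQL syntax, assumed)."""
    return [f"GRANT SELECT ON `{schema}`.`{obj}` TO {account};"
            for obj in TABLES + VIEWS]

GRANT_RE = re.compile(r"GRANT (.+?) ON (\S+) TO ", re.I)

def audit_grants(show_grants_lines, schema):
    """Return (excess, missing): grant lines that go beyond SELECT on a listed
    object, and listed objects that have no explicit SELECT grant."""
    excess, readable = [], set()
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        privs = {p.strip().upper() for p in m.group(1).split(",")}
        if privs == {"USAGE"}:  # USAGE grants no privileges in MySQL
            continue
        db, _, obj = m.group(2).replace("`", "").partition(".")
        listed = db == schema and obj in ALLOWED
        if listed and "SELECT" in privs:
            readable.add(obj)
        if not listed or privs != {"SELECT"}:
            excess.append(line.strip())
    return excess, sorted(ALLOWED - readable)
```

An empty `excess` list and an empty `missing` list together indicate that the account can read exactly the listed objects and nothing else.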