Configuring Security for BIRT Reporting

You can add an extra measure of security to BIRT reporting by doing one or both of the following:

• Enable the Java security manager
• Limit access to tables and views in the database

Enabling Java Security Manager

To enable Java Security manager:

1. Log in to Fortify Software Security Center as an administrator.
2. On the OpenText header, click Administration.

3. In the left pane, select Configuration, and then click BIRT Reports.

4. On the BIRT Reports page, under Enhanced security, select the Turn on security manager check box.

   Note: If you try to generate a custom report that depends on functionality that the BIRT security manager regards as unsafe, the report generation might fail.

5. Click SAVE.

(Linux with OpenJDK only) Installing Required Fonts

If your Fortify Software Security Center is installed on a Linux system, and you are running OpenJDK, you must install fontconfig, DejaVu Sans fonts, and DejaVu serif fonts on the server to enable users to successfully generate reports. Otherwise, report generation will fail. You can download these fonts from https://github.com/dejavu-fonts/dejavu-fonts.

Creating a Database Account for Reporting

To limit write access to tables and views in the database:

1. Create a database user account to use exclusively for BIRT reporting and provide minimum permission required to generate reports.

2. For the new user account, enable read (only) access to the following tables and views:

   Tables
   activity	issuecache	reportexecparam
   attr	measurement	requirement
   auditattachment	measurementhistory	requirementtemplate
   auditcomment	metadef	ruledescription
   catpackexternalcategory	metadef_t	savedreport
   catpackexternallist	metaoption	scan
   catpacklookup	metaoption_t	scan_rulepack
   datablob	metavalue	seedhistory
   documentinfo	metavalueselection	sourcefile
   eventlogentry	project	snapshot
   f360global	projecttemplate	userpreference
   filterset	projectversion	variable
   folder	projectversiondependency	variablehistory
   foldercountcache	reportexecblob
   Views
   attrlookupview	defaultissueview	ruleview
   auditvalueview	metadefview	view_standards
   baseissueview	metaoptionview

3. Log in to Fortify Software Security Center as an administrator.
4. On the OpenText header, click Administration.

5. In the left pane, select Configuration, and then click BIRT Reports.

   Fortify Software Security Center displays the BIRT Reports page.

6. In the DB Username and DB Password boxes, type the credentials for the database account that has read-only database access.

7. To test the database user account access to the database, click VALIDATE CONNECTION.
8. Click SAVE.

See Also

Allocating Memory for Report Generation

Setting Report Generation Timeout