Restrict report results with secure parameters

You can configure secure report parameters that limit which data users can report on based on the access control lists (ACLs) to which they have access.

This help topic contains the following sections:

• Example of how secure parameters restrict report results

• Reports that use secure parameters

• Secure versus non-secure parameters

• Parameter classes and control classes

• ACLs that work with secure parameters

• A note about migrating from an earlier version

• Example configuration procedures

Example of how secure parameters restrict report results

Suppose your marketing managers want to report on the results of ongoing outbound marketing campaigns. However, you want to ensure that each manager sees only the results for their particular campaigns. You can configure the Dialer reports to use the SecuredAutoCompleteCampaignNameComboBox secure parameter. Then you configure each user's ACL to allow access to select the appropriate campaigns. When a user attempts to run the Dialer reports in IC Business Manager, the user can select only the campaigns that they should see.

Reports that use secure parameters

You can the SecuredAutoCompleteCampaignNameComboBox secure parameter with all Dialer reports that retrieve a campaign name. These include:

• Campaign Statistics

• Call History

• Agent Success Results

• Campaign Success Results

Note: This secure parameter matches on the campaign name.

Secure parameters versus non-secure parameters

For each secure parameter, there is a corresponding non-secure parameter:

• If you choose a secure parameter, then the user is presented with a list of valid parameter choices based on their access control list.

• If you choose a non-secure parameter, then a user type any value for the parameter when the user runs the report. This potentially allows the user to report on sensitive information, or to run reports using invalid (non-existent) parameter values.

The following table displays the secure parameter classes and their corresponding non-secure parameters:

Secure parameter class name	Non-secure parameter class name
SecuredAutoCompleteCampaignNameComboBox	AutoCompleteCampaignNameComboBox
SecuredAutoCompleteUsersComboBox	AutoCompleteUsersComboBox
SecuredDistributionQueueComboBox	DistribututionQueueComboBox
SecuredUserList	UsersList

Parameter classes and control classes

For each secure parameter, you must specify both the parameter class name and the control class.  The following table displays the secure parameter classes and the control class that you can use with it.

Secure parameter class name	Control class name
SecuredAutoCompleteCampaignNameComboBox	AutoCompleteComboBox
SecuredAutoCompleteUsersComboBox	AutoCompleteComboBox
SecuredDistributionQueueComboBox	AutoCompleteComboBox
SecuredUserList	UserList

 

ACLs that work with secure parameters

In addition to configuring a report to use a secure parameter, you must also assign the appropriate ACLs to the users who run reports. The following table lists the ACLs that work with each secure parameter.

Secure parameter class name	ACL
SecuredAutoCompleteCampaignNameComboBox	Interaction Dialer > Campaigns > View
SecuredAutoCompleteUsersComboBox	User Queue > Users/Workgroups > Search
SecuredDistributionQueueComboBox	Workgroup Queue > Workgroups > Search
SecuredUserList	Users Queue > User Queue > View

 

A note about migrating from an earlier version

Note: Secure report parameters are available in CIC 2016 R3 and later releases. If you configured Crystal Reports that use queue parameters for an earlier version of CIC, you must edit those reports to use either the secure or unsecure parameters.

Example configuration procedures

The following examples show you how to use the various secure parameters, control classes, and ACLs.

• Configure a report to use the SecuredUserList parameter

• Configure a report to use the SecureCampaign parameter

Configure a report to use the SecuredUserList parameter

Note: You can configure any report that uses the UserList parameter to use the SecuredUserList parameter.

Configure a report

1. Report Management > Report Configuration > Categories

2. From the Categories list, select the category that contains the report you want to configure.

3. In the Reports list, select the report.

4. On the Parameters tab, check the list of parameters for the UserList parameter. If it appears, then you can configure the report to use the SecuredUserList parameter.

Note: If the UserList parameter is not listed, you cannot configure the report to use the SecuredUserList parameter.

5. Click the General tab.

6. Unlock the report.

7. In the Class Name box, type ININ.Reporting.Historical.Engine.Module.Parameters.ViewModels.SecuredUserList.

8. Click Save.

Configure the Access Control Lists for each user who runs the report

1. Users > User Configuration > Security > Access Control

2. In the Search box, type user queue.

3. Under the View column, select the user queues and workgroups on which the user can report.  

4. Click Close.

Configure a report to use the SecureCampaign parameter

Configure the report

1. In Report Management, configure the Dialer report you want.

2. Click the Parameters tab.

3. Click the General tab and set the following options:

1. • Complete the Name, Name Resource, Description, Description Resource, and Friendly Key fields. For more information, see Report Configuration.

   • Select the Required check box.

Note: If you do not select the Required check box, then any user can view reports on any campaign they choose.

1. • In the User Control Assembly Name box, type ININ.Dialer.Reporting.Historical.

   • In the User Control Class Name box, type: ININ.Dialer.Reporting.Historical.Viewmodels.SecuredAutoCompleteCampaignNameComboBox.

   • In the License list, select _NO_LICENSE_REQUIRED_

4. On the Data tab, set the following options:

1. • In the Source box, type User Supplied.

   • In the Data Type list, select String.

   • Do not type anything in the Default Value box.

5. On the Custom Data tab, do not type anything in any field.  

6. On the Miscellaneous tab, set the following options:

   • Select either Allow Sample or Allow Or.

   • Make sure that the Allow And check box is not selected.

   • Select the Visible check box.

   • In the User Control Assembly Name field, type ININ.Reporting.Historical.Engine.Module.

   • In the User Control Class Name field, type ININ.Reporting.Historical.Engine.Module.Parameters.Views.AutoCompleteComboBox.

7. On the SQL Table Columns tab, in the Column Name box, type campaignname.

8. Click Save.

Configure the Access Control List for each user who runs the report

1. Users > User Configuration > Security > Access Control

2. In the Search box, type campaigns.

3. Under the View column, select the campaigns on which the user can report.

4. Click Close.

 

Related topics

Report Configuration

Assign access control rights