How to configure Security for BIRT Reporting in SSC

 
0 Likes

in order to configure this in SSC you can add an extra measure of security to BIRT reporting by doing one or both of the following:

  • Enable the Java security manager
  • Limit access to tables and views in the database

Enabling Java Security Manager

To enable Java Security manager:

  1. Log in to Fortify Software Security Center as an administrator.
  2. On the OpenText header, click Administration.
  3. In the left pane, select Configuration, and then click BIRT Reports.

  4. On the BIRT Reports page, under Enhanced security, select the Turn on security manager check box.

    Note: If you try to generate a custom report that depends on functionality that the BIRT security manager regards as unsafe, the report generation might fail.

  5. Click SAVE.

(Linux with OpenJDK only) Installing Required Fonts

If your Fortify Software Security Center is installed on a Linux system, and you are running OpenJDK, you must install fontconfig, DejaVu Sans fonts, and DejaVu serif fonts on the server to enable users to successfully generate reports. Otherwise, report generation will fail. You can download these fonts from https://github.com/dejavu-fonts/dejavu-fonts.

Creating a Database Account for Reporting

To limit write access to tables and views in the database:

  1. Create a database user account to use exclusively for BIRT reporting and provide minimum permission required to generate reports.
  2. For the new user account, enable read (only) access to the following tables and views:

Tables
activity issuecache reportexecparam
attr measurement requirement
auditattachment measurementhistory requirementtemplate
auditcomment metadef ruledescription
catpackexternalcategory metadef_t savedreport
catpackexternallist metaoption scan
catpacklookup metaoption_t scan_rulepack
datablob metavalue seedhistory
documentinfo metavalueselection sourcefile
eventlogentry project snapshot
f360global projecttemplate userpreference
filterset projectversion variable
folder projectversiondependency variablehistory
foldercountcache reportexecblob  
Views

attrlookupview

defaultissueview ruleview
auditvalueview metadefview view_standards
baseissueview metaoptionview  
  1. Log in to Fortify Software Security Center as an administrator.
  2. On the OpenText header, click Administration.
  3. In the left pane, select Configuration, and then click BIRT Reports.

    Fortify Software Security Center displays the BIRT Reports page.

  4. In the DB Username and DB Password boxes, type the credentials for the database account that has read-only database access.

  5. To test the database user account access to the database, click VALIDATE CONNECTION.
  6. Click SAVE.

Labels:

Support Tip
Comment List
Related
Recommended