I want to run a daily report that checks the ...

security
(Jonathon Sinclair) #1

I want to run a daily report that checks the created_date of their latest entry and sends them a notification if its been over a month. It needs to do this for each unique user.

My formula is as follows and appears to work when I test it in the app. Yet, the reports are not being sent at the scheduled time.

AND( [created_date]=(MAX(SELECT(bips[created_date],[user]=[_THISROW].[user]))), (TODAY())>=(MAX(SELECT(bips[created_date],[user]=[_THISROW].[user]))+30) )

I suspect the problem may be a security filter I have on the bips table to restrict users to only their records. This security filter is vastly preferable to a slice to reduce loading times. Does this mean I won’t be able to issue reports for each user, though?

(Aleksi Alkio) #2

Amazing Phil, you answered before I have even asked :smiley:

(Jonathon Sinclair) #3

Thanks to the both of you. Great news for me; the reason it hasn’t been firing then is because I am doing demo’s on an unpaid account!

Maybe worth including one of those yellow warning indicators for users trying to create scheduled reports without the right plan!

(Aleksi Alkio) #4

I need to check this from our Workflow expert how the scheduled report actually works with security filter.

(Philip Garrett) #5

@Jonathon_Sinclair @Aleksi_Alkio

Scheduled Reports always run under the identity of the app owner.

You will want to define your security filters so that when the Report runs under the identity of the app owner, you can see the needed records.

I have updated the docs to explain this. See topic “Reports Run as the App Owner” in this article https://help.appsheet.com/behavior/workflow-introduction/reports

(Aleksi Alkio) #6

You can test if the reason is the Security filter if you temporarely remove that security filter.

(Jonathon Sinclair) #7

@Aleksi_Alkio I did that. With the security filter on in the editor, the notification works but only for the user I am logged in as on the editor. When the security filter is removed it works for everyone. This is why I suspected the security filter was the issue.

This is a pretty massive limitation. This is to say that you can’t run reports on any tabled data that utilizes user specific security filters?

(Aleksi Alkio) #8

Well… the main purpose of the security filter is filter the data that one user is not able to see other user’s data. You need to think about your app structure how you can do that… for example you can open the data for the admin and then he/she is able to send that daily report from his device/account.

(Jonathon Sinclair) #9

In this case, the admin would have to fire the report manually, so more of a workflow rather than report.

No way to open up the security filter to whatever process the automated reports run through?

(Aleksi Alkio) #10

If you need daily report, you can do it with scheduled report and manual work is not needed.

(Jonathon Sinclair) #11

Right, but it seems that the scheduled report service cannot get past any user based security filter unless you fire the report manually from within the app builder as a user that has permissions to bypass said filter.

(Aleksi Alkio) #12

If you set the security in a way that it doesn’t filter the data for the manager, then the scheduled report from his /her device should work in a same way than your test earlier. Or am I misunderstanding something?

(Jonathon Sinclair) #13

For my tests, I am using the ‘run’ button within the app editor. This means the security filter is validating based on the account I am logged into the app editor with.

When it comes time to fire the report at the scheduled time, nothing occurs. My concern is that, what ‘account’ or access does the scheduled report run through (not the manual one I am firing)? Is it given the same access as the app owner, i.e. admin account? Because it doesn’t seem to function this way in my tests.

(Sebastian Tiller) #14

Hi Phil,

Can you please elaborate on the following:

I have updated the docs to explain this. See topic “Reports Run as the App Owner” in this article https://help.appsheet.com/behavior/workflow-introduction/reports

I’ve read the documentation, but I can’t find how I would actually configure this?

(Jonathon Sinclair) #15

If you are having the above issue (your app uses security filters, therefore the workflows cannot access any information), you must put a passthrough in your security filters for the application owners account.

For example, if the application is hosted under my account, and my account email is AppOwner@business.com, I would need the following clause in my security filter:

OR(
USEREMAIL()=AppOwner@business.com,
USEREMAIL()=table[UserID]
)

The above would allow the application owner to load all data, while individual users could only see their records.

In this scenario, it is useful to have a ‘dummy’ account on which the applications are hosted; the dummy account would never actually interact with the apps beyond creating them.

(Sebastian Tiller) #16

Thanks, Jonathan, that makes sense, I will give that a go.

I was currently in the process of creating a complete read-only copy of the application which will be deployed and will have none of the security filters applied with the goal to run all reporting out of here.

Applying the filter would be a much better option as it means I don’t have to maintain two applications. While I’m still using User Settings, the limitation I see is that I’m not requiring users to login in. This is because the application is used by a large number of different contractors and having to maintain a user base is going to be a nightmare.

(Philip Garrett) #17

Thanks so much for your clarification Jonathon.

You are correct. If the application includes a Security Filter, it must allow the application owner to read all records needed by the Report. I have updated the article to add your explanation and the sample Security Filter you provided.

I have updated topic “Reports Run as the App Owner” in this article https://help.appsheet.com/behavior/workflow-introduction/reports