The SiteAudit Reporting Web Site is an ASP.NET site and thus access to specific folders can be controlled to prevent unauthorized access to reports. This article provides general guidelines for allowing and denying access to Reporting Web Site folders.
Securing Reporting Web Site Folders
By default, all users who have access to the Reporting Web site can see all folders and reports that exist. It is possible to limit access to any of the folder to prevent unauthorized user access. Folders containing reports can be hidden for some users and visible for others.
Folder security is maintained in the web.config file located in the root of the Reporting Web site installation location, C:\Program Files\Netaphor\SiteAudit\ReportingWebSite. The location elements are added and users or groups can be given access or denied access to the specified folder. It is common practice to include users in a group and then allow or deny access to a specific group or role.
The example below allows the SpecialReportsAccess group access to reports in the Inventory folder as well as domain user1 and user2. All other authenticated users are denied access to Inventory reports.
<location path="MyReports/Inventory">
<system.web>
<authorization>
<allow roles="SpecialReportsAccess" />
<allow users="domain\user1, domain\user2" />
<deny users="*" />
</authorization>
</system.web>
</location>
Other users who may need to access these reports can be added to the SpecialReportsAccess group.
The example above is not required to give users access to the Inventory reports. It is provided as an example only. By default all users who have access to log into the Reporting Web site will have access to the reports in the Inventory folder and all other reports
Deny Access to a Report Folder
This example shows how to deny specific users access to the Consumables reports
<location path="MyReports/AssessmentDetails">
<system.web>
<authorization>
<deny users="domain\username1, domain\username2" />
<deny roles="Users" />
</authorization>
</system.web>
</location>
Reports Folder Structure
All reports that exist on the Reporting Web Site are contained in under the MyReports folder located at
C:\Program Files\Netaphor\SiteAudit\ReportingWebSite\App_Data\MyReports
When restricting access to a folder, it is important to use the name of the folder as shown in the file system. The folder names displayed in the Reporting Web site are user friendly names and are similar to these folder names but may contain spaces.
Users can manually add or delete the report templates from these folders as desired. It is also possible to create new folders and add reports to the new folder and make them available on the Reporting Web site. To do this, it is also necessary to modify the web.sitemap file to contain the new folder.
