In ActivityInfo, reports are a powerful way to analyze and present data stored in your database. Permissions play an important role in determining who can view, create, and manage these reports, as well as what data is visible within them.
There are a few key concepts to understand regarding this:
1. Viewing and creating reports
In ActivityInfo, any user has the ability to create their own reports on data that they have access to, regardless of their specific permissions. However, the ability to save the report as a resource within the database is strictly determined by the permissions assigned to their roles.
If a user does not have the "Add forms, folders, and reports" permission, they can still create a report; but it will be saved as a personal report under "My reports" rather than as a resource in the database.
- Users can open and interact with reports they have permission to access.
- Users can add reports to a database only if their role has the "Add forms, folders, and reports" permission.
- Users can edit reports and customize them to their liking and save them under "My reports".
2. Report types and locations
Depending on its status, reports can be:
- Personal: These reports can be viewed only by the designer and are saved under "My reports".
- Published: These reports can be viewed by anyone with the link, including individuals who are not ActivityInfo users.
- Part of a database: These reports can be viewed by users who are added to the database and have access to a folder containing the report.
3. Editing reports
Editing a report in a database is not available to all users; specific permissions and form access levels determine who can make changes.
- To edit a report, users must have the "Edit forms, folders, and reports" permission, along with full access to all underlying forms included in the report.
- Alternatively, the forms included in the report must have public visibility or must be published.
4. Moving reports
Reports can be moved as needed, provided the user has the appropriate permissions.
- You can move a report to another database, folder, or to "My reports".
- Moving a report requires the "Delete forms, folders and reports" permission from the original location and "Add forms, folders, and reports" for the destination.
5. The “Publish reports” permission
This permission refers specifically to making a report publicly available via a URL.
- The publish reports permission is sensitive and should only be granted to users trusted to exercise good judgment over who can access the data.
- If a user role is granted the "Publish reports" permission and uses it to publish a report, revoking that permission later will not affect the existing report; once published, the report becomes a part of the database.
- Users can edit a published report if they have the "Edit forms, folders, and reports" permission.
6. Data visibility within reports
The data visible in a report is determined by what the report designer makes visible at the time of creation.
- Users with access to a report will see the data the creator included, regardless of their own record-level conditions or role parameters.
- If the report creator has record-level conditions applied to their own role, they will only be able to include the records they are permitted to see in the reports they create.
- Users with the "View all records" permission can view a report, provided it is located within a resource to which they have access.
7. Cross-database reports
ActivityInfo allows forms from different databases to be combined in a single report.
- If you wish to include forms from different databases in your report, you must at minimum have permission to view those specific forms.
Best Practice: Partner-Specific Reporting
When working in multi-partner environments, it is important to ensure that each partner only has access to the data relevant to them. When a report is included in a database, users added to that database can view, edit, and interact with it based on their respective permissions, making it essential to structure reports thoughtfully when data confidentiality is a concern.
To securely share data with partners in a multi-partner environment, the recommended approach is:
- Create separate reports for each partner.
- Apply specific filters (such as partner ID or geographic location) to each individual report.
- Grant access only to the specific reports relevant to that partner to maintain data confidentiality.