MicroStrategy ONE

Task-related Security Roles

The ability to discovery and use tasks in MicroStrategy Web is based on the role of the user. This role-based security mechanism ensures that tasks are exposed only to users with proper privileges. Task-related roles include task invokers/end users, task developers, and Web Server administrators. The user's role determines which application interface is available for discovering tasks and constructing task URLs, which tasks can be viewed and executed in that application interface, and which servlet or page is used to execute a task.

Tasks are defined as either administrative or user (that is, non-administrative) tasks. Administrative tasks are generally tasks that change the web server's configuration. The table below shows the kind of tasks available for each of the three security roles, which if any application interface can be accessed by each role, and which servlet or page is used to open the application interface and execute a task for each role.

             

 

Security Role Description

 

Security Role

 

Tasks Available

 

Servlet / Page

Admin

Non-admin

 (User)

Application interface

Used to open application interface

Used to execute tasks

End User/Task Invoker

 

 

  

 

X

 

 

 

taskProc

taskProc.aspx

Task Developer

taskDeveloper

 

 

X

 

Task Viewer application

taskViewer

taskViewer.aspx

taskProc

taskProc.aspx

Web Server Administrator

admin

 

X

 

X

 

Task Administrator application

taskAdmin

taskAdmmin.aspx

taskAdmin

taskAdmmin.aspx

Task-related Roles

The task-related security roles—admin and taskDeveloper—are already defined in the web.xml file shipped with MicroStrategy Web.

The same roles must also be defined in the Web Server where MicroStrategy Web is running. If you are running MicroStrategy Web in a .NET environment, you don't need to do anything. However, if you are running MicroStrategy Web in a J2EE environment, you need to manually add these two roles, as described below.

  1. Navigate to the conf folder in the Apache Tomcat installation directory.  

  2. Open the tomcat-users.xml file and add the lines of code shown in bold below.

    Copy 
    <?xml version='1.0' encoding='utf-8'?>
    <tomcat-users>
      <role rolename="taskDeveloper"/>
      <role rolename="manager"/>
      <role rolename="admin"/>
      <user username="taskDeveloper" password="" roles="taskDeveloper"/>
      <user username="tomcat" password="s3cret" roles="manager"/>
      <user username="admin" password="" roles="admin,manager,taskDeveloper"/>
    </tomcat-users>

  3. Save tomcat-users.xml.

Task-related Application

The Task Administrator application is available to users with the role of admin (Web Server Administrator). It provides the names, descriptions, and parameters for all public tasks that are currently registered, both administrative and non-administrative tasks.

The Web Server Administrator role is different from the MicroStrategy Administrator role.

Task-related Servlets / Pages

There are three servlets/pages that can be used to open an application interface or invoke a task.

  • taskProc
    taskProc.aspx
    The taskProc servlet or taskProc.aspx page can be used to execute all tasks, depending on a user's privileges. It cannot be used to open an application interface.

    If a request uses the taskProc servlet or taskProc.aspx page and includes a taskID parameter, the specified task is executed. If a request uses the taskProc servlet or taskProc.aspx page and does not include a taskID parameter, a failure message with a TaskNotRequestedException is returned. If a user without administrative privileges tries to use the taskProc servlet or taskProc.aspx page to execute an administrative task, an exception is thrown.

  • taskViewer
    taskViewer.aspx
    The taskViewer servlet or taskViewer.aspx page can be used only to open the Task Viewer application interface and cannot be used to execute a task.

    If a request uses the taskViewer servlet or taskViewer.aspx page, it brings up the Task Viewer application. Since this servlet or page does not execute tasks, it ignores any unnecessary parameters (such as a task ID) and simply opens the application. The Home tab of the application lists a restricted set of tasks—all of the public, non-administrative (that is, user) tasks. When you use the Builder tab of the Task Viewer application to construct a test URL, it uses the taskViewer servlet or taskViewer.aspx page to construct the URL.  

  • taskAdmin
    taskAdmin.aspx
    The taskAdmin servlet or taskAdmin.aspx page can be used both to open the Task Administrator application interface and to execute all tasks.

    If a request uses the taskAdmin servlet or taskAdmin.aspx page and includes a taskID parameter, the specified task is executed. If a request uses the taskAdmin servlet or taskViewer.aspx page and does not include a taskID parameter, it brings up the Task Administrator application. The Home tab of the application lists all of the public tasks—both administrative and non-administrative (that is, user). When you use the Builder tab of the Task Administrator application to construct a test URL, it uses the taskAdmin servlet or taskAdmin.aspx page to construct the URL.

By default, only public tasks are visible in the Task Viewer and Task Admin applications.