JZR report

  2. Home
  4. Docs
  6. JZR report
  8. Security

Security

JZR report can be password protected using the Excel workbook encryption.
By default, it is disabled.

This permits to secure the confidentiality of your reports.
It for example interesting when the report is generated automatically by the Jeyzer Monitor.

Important : like any other Jeyzer security feature, the automatic reporting encryption requires a valid Jeyzer Monitor commercial license.

Password can be either:

  • Mandatory at setup time : password is enforced internally
    Use case : Jeyzer Monitor must generate secured reports with a company password.
    Use case : Jeyzer Analyzer must always generate secured reports with a company password.
  • Mandatory at generation time : password is enforced externally
    Jeyzer Web Analyzer use case : the end user must provide a password to generate the report.
  • Optional : password can be enforced externally
    Jeyzer Web Analyzer use case : the end user can decide to secure the report with a password.

In all cases, the password length must be at least 8 characters long.

Configuration

Password protection can be set at analysis profile or global setup level.

To activate it in a profile, add the security_profile attribute to the xlsx_report in the report configuration and set the path to your security configuration file.
It is recommended to limit the access rights to that file and store it an a safe place.

<xlsx_report … security_file="${JEYZER_DEMO_MASTER_PROFILES_DIR}/${JEYZER_TARGET_PROFILE}/report/security/report_security.xml">

Security configuration is enabled in the report_security.xml file.

The password mode permits to specify how the password is set/provided :

  • external_optional : password is optional and provided programmatically.
  • external_mandatory : password is enforced externally programmatically.
  • internal_mandatory : password is enforced internally through the value attribute. It is set through environment variable or system property.
  • none : no password is required.

The Encryption algorithm is either

  • binary_RC4 : weak protection
  • AES_256 : strong protection
    AES 256 requires the Java JCE Unlimited to be installed on Java 8.
<security>
  <password mode="external_optional"  value="${JEYZER_REPORT_PASSWORD}"/>
  <encryption algorithm="binary_RC4"/>
</security>