Exago Logo
Search
Generic filters
Exact matches only

Report-Level SQL Objects

This article applies to the Admin Console > TreeGeneral.png General > TreeGeneralNode.png Feature/UI Settings > TreeGeneralNode.png Allow Creation of Custom SQL Objects setting.


Beginning with v2018.1, administrators have the ability to allow end-users to create reports using custom report-level SQL objects written in the end-user interface.

See Report Wizard: SQL Categories or Advanced Reports: Data Objects (v2021.1+) for info on how end-users will be able to use this feature.

To enable Report-Level SQL, in the Admin Console, set  TreeGeneral.png General > TreeGeneralNode.png Feature/UI Settings > TreeGeneralNode.png Allow Creation of Custom SQL Objects to True.

Warning

Protect your data from unauthorized SQL injection

This feature allows report writers to execute arbitrary SQL commands against data sources they can access. By default this is ALL sources except those you have specifically excluded.

Contact your database administrator to ensure that the connection string has READ-ONLY access. Do not enable Report-Level SQL without a restricted connection string for each allowed source.

Furthermore, because Report-Level SQL bypasses the Admin Console data model, Role (row-based) and column tenancy restrictions on data objects have no effect. Therefore, ensure that the connection string also restricts viewing and joining to unauthorized tables and schema.

Exclude unauthorized sources from Report-Level SQL by entering their names, surrounded by quotes (“) and separated by commas (,), in the Admin Console field Data Sources to Exclude from Custom SQL Object Creation.

Example
"NorthWind","AdventureWorks"

Note: This prohibits creation, but not execution, of Report-Level SQL reports with these sources.

You can deny Roles access to Report-Level SQL by setting the following Role field to False:

( Role | General ) Allow Creation of Custom SQL Objects in Advanced Reports

This prohibits creation and execution of reports with Report-Level SQL. To permit execution, enable the following setting: 

( Role | Objects ) Allow User to View Report-Level Custom SQL Objects

Please be cautious with your data.

Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents