Some customers want their end users to have a report builder experience that is read-only, meaning that all reporting creating functionality is taken away. In some cases, even ephemeral analytical features like filtering and sorting are removed as well.

How does it work?

When you generate a JWT to be used for a report builder, you can add a rbc claim to the JWT that indicates the allowed editing features for the report builder.

This is an optional claim, meaning it is not needed to construct a valid JWT. If it’s not passed in or the list that is passed in is the wildcard string (["*"]), all functionality will be allowed.

By default, end users will always be able to:

  • View reports.
  • Toggle favorite reports.
  • Configure scheduled emails.

Pass specific key words to allow corresponding capabilities:

  • flt -> Allow filtering of reports
  • srt -> Allow sorting of reports
  • core -> Allow core editing functionality (creating/editing reports, adding/editing views)
  • crt-view -> Allow creating a new view within an existing built-in report
  • fork -> Allow saving as a customer report after modifying an existing built-in report

Note: If you are enabling core functionality, you don’t need to explicitly include view or fork, as they are covered by core.

Note: The fork and crt-view permissions will not allow modifying the underlying data.

Note: The fork permissions will allow saving changes on forked customer reports.

By default if the rbc claim is in the JWT with the empty list ([]), then all editing capabilities are disabled. Here are some example configurations:

[]                 // Disable all editing capabilities
["flt", "srt"]     // Allow filtering and sorting
["flt"]            // Allow only filtering
["srt"]            // Allow only sorting
["crt-view"]           // Allow creating new views in built-in reports
["fork"]           // Allow saving modified built-in reports as new customer reports
["crt-view", "fork"]   // Allow both viewing and forking