Restricting File Permission Access to Managed Reporting

For development environments that are safely behind a firewall, the remainder of this chapter is optional.

For production environments, you can optionally enhance the security of Managed Reporting by restricting access to its data and preventing users from accessing Managed Reporting data through the file system. File system access to Managed Reporting data should be avoided because sensitive information can be exposed, production reports can be altered, and Managed Reporting can be rendered inoperable.

Managed Reporting content is stored in the WebFOCUS Repository. It also uses the following directory for processing:


During normal operation, these directories should only be accessed by the account or accounts that run the WebFOCUS servlets. You can increase security by ensuring Windows prevents any other user IDs from accessing these directories. You may also want to grant file system access to an administrator group for support and debugging purposes.

The required accounts vary considerably, depending on your application server and other configurations. Consult your application server and operating system documentation for more information.