Crystal Reports Tools: Improve Performance While Saving Time and Money
  Resources  
Best sellers:
cView
Report Analyzer
cViewSERVER
 ReCrystallize

Crystal Reports: Free trial
Articles:
Administration
Advanced
Basic
 Crystal eNL
Database
Financial
Problems Solved

 Books:
CR Books
Database Books
Developer Books
Tools:
All CR Tools
CR Analyzers
CR Bestsellers
DataBase Tools
CR Graphics
International
CR Mail UFLs
ReCrystallizePro
CR Schedulers
CR UFLs
CR Viewers

Add'l:
About us
Contact Us
cViewSUITE Ppt
Support

Crystal Reports
on Steroids

Crystal Reports Administration:
Defining Report Distribution Parameters

Improper report distribution can lead to catastrophe. Industrial espionage topples careers and even companies. Even inadvertent releases of information can have serious consequences. Unfortunately, it's all too easy for information to wind up in the wrong hands--for the wrong reasons, and usually due to poor distribution policies. 

Consider just one of thousands of incidents that occurred with the IRS (of United States). A headline case in 2003 involved a private firm that was sending sales solicitations to private citizens. The firm got the information from IRS reports that contained sensitive information and should not have been released outside the IRS.

We see this kind of thing happen in companies, all the time. One customer gets another customer's sales figures. Or employees are able to read salary information intended only for internal budgeting purposes among senior managers.

At the other end of the spectrum, end-users are unable to obtain mission-critical information. The sales representative gets an "Unauthorized" message when trying to access information about her key account. Or the CEO can't see the company financials--and then must ask her administrative assistant (who seems to have access to everything) to provide those.

In the middle is a way that leads to a positive outcome for everyone. Thanks to many of our customers for contributing these ideas--you are a sharp bunch of folks!

Some tips

  • Identify who has a "need to know." Look at department (or end-user) functions and goals. Try to limit the reports to information that supports these goals. If the information doesn't support the goals, then the "need to know" isn't there. Keep in mind there's a huge difference between being able to use the information and really needing it. Often, information given to people who really don't need to know it has unintended negative consequences.

    For example, one company routinely released internal cost reports to its engineers. The idea was this would "empower" the engineers (a misapplication of the concept) by giving them additional information. Getting, talking about, and fuming over this information wasted engineering time. But the real rub was engineers began disclosing this information to customers. It was one thing for project managers to know this information so they understood their bargaining "head room," but quite another for engineers to give that same information to the customers.
  • Identify the security risks. In every organization, there are people who don't follow security policies. They may scoff at password conventions, leave files lying around, leave printouts of sensitive information in stacks on their desks, and so on. While it usually is not the job of the Crystal Reports Administrator to enforce security policy, a breach that involves a Crystal Report (or any other reports you are involved in) produces guilt by association.

    So, make a point of identifying folks who do not conform to security policies and take the appropriate precautions. Those precautions should begin with removing those people from report distribution, along with notification as to why they are removed and what they need to do to get reinstated. Be sure to work with the appropriate managers ahead of time so this is enforceable company policy and not a turf war or clash between individuals. 
  • Review with the IT people who administer the network. The Permissions settings will tell you quite a bit about who should have access to what--assuming the Permissions settings follow the same company policies and due diligence you would expect them to follow.
  • Identify the "real players"--folks who get things done and don't seem to have emergencies. Ask the real players for some input. Who really needs to know? Who is a security risk, and what might be done about that?
  • Review with the senior managers. One of our customers makes an Excel spreadsheet listing users (by title) down one side, and report categories across the top. He prints out a hard copy, and sits down (in person) with senior managers to make the determinations. Then, he uses this spreadsheet as the basis for setting up distribution parameters.
  • Review periodically. Policies that made sense a year ago--or even last week--may not make sense today. A scheduled review takes care of longer-term policy changes. But also leave the door open for ad hoc reconsiderations. People move, quit, get laid off, get promoted, get reassigned, and so on. When considering a change, use the same process outlined above.

 

This article is copyrighted by Crystalkeen, Mindconnection, and Chelsea Technologies Ltd. It may be freely copied and distributed as long as the original copyright is displayed and no modifications are made to this material. Extracts are permitted. The names Crystal Reports and Seagate Info are trademarks owned by Business Objects.

These keywords may have brought you here: defining report distribution parameters, inadvertent releases of information, authorized distribution, mission critical distribution, crystal reports administration, crystal reports system issues, administering crystal reports, managing crystal reports, tips for crystal reports administrators, crystal reports managers, crystal reports tutorials, crystal reports tips, crystal reports articles, crystal reports information, crystal reports tips, crystal reports help, crystal reports training