Authorization of scheduled reports
A scheduled report contains information regarding its author. When it's time for the report to be printed and sent, the ASAB Pyppeteer microservice impersonates the author, ensuring the report is created from the specific user's perspective and access level.
To configure BS-Query (Exports), SeaCat Auth, and ASAB Pyppeteer correctly to allow complete communication between services, follow these steps:
1. ASAB Pyppeteer configuration
Make sure the ASAB Pyppeteer instance can access SeaCat Auth.
2. SeaCat Auth configuration
Make sure SeaCat Auth configuration allows creating machine-to-machine credentials.
[seacatauth:credentials:m2m:machine] mongodb_uri=mongodb://localhost:27017 mongodb_database=auth
3. Create ASAB Pyppeteer Credentials
Refer to the user manual for instructions on creating and assigning credentials, resources, roles, and tenants.
First, create a resource
authz:impersonate and a global role with this resource (named e.g. "impersonator").
Then, create new
machine credentials with
<pyppeteer_password> and assign it the "impersonator" role and relevant tenants.
4. Enter pyppeteer credentials to BS-Query configuration
[pyppeteer] url=http://localhost:8895 username=<pyppeteer_username> password=<pyppeteer_password>
Be aware that ASAB Pyppeteer cannot impersonate a superuser. Therefore, a user with a superuser role cannot create scheduled reports unless they are explicitly assigned a role with the