R-Tag

Mobile friendly

R-Tag

Mobile friendly

Using Crystal reports with a desktop application has one major flaw. The report is physically available to the user, and if the user has access to Crystal reports designer, he/she may change the report and produce documents with incorrect data. For example, the user may print a check with wrong recipient/amount, generate an insurance policy with the wrong dates, bypass filters set in the report to see just his/her data, etc. Assuming that access to the reporting database is set using Integrated security, there are 2 ways for the user to get the original report and print it:
  1. Most likely the reports will be placed in a local or shared folder with read only access. This will not stop the user from copying the report to a local folder with write access, making changes, and running it using Crystal designer or a 3rd party tool.
  2. When Crystal reports runtime runs the report, it will create a local copy in the local temp folder. There is no way to avoid that. If you run the report you will have a copy in teh temp folder. Some people may say that the report is available for a short time. It doesn't matter. There are software applications, which can detect changes in a folder and make backup copies, not to mention that if the user's permissions to delete files for temp folder are set to “Deny” the report copy will be created but will be never deleted.

To check if your reports could be copied do the following:
  1. Open Windows File explorer (press Win + E).
  2. In the address bar write %temp% and press Enter. This will open your temp folder.
  3. Right click the temp folder and select Properties, then select security tab and click the “Advanced” button.
  4. Click “Add” to create new permission entry.
  5. In the new dialog box select type: Deny. It might be necessary to select different principal to enable the Type combobox.
  6. Press “Show advanced permissions” on the right and check “Delete subfolders and files.”

    Temp folder permissions

  7. Press OK to save the permission entry.
    Start your Crystal reports viewer, run a report and check if a new file was created. The file will be either in the Temp folder or in a subfolder. For example, it could be in Temp/1. The file name will be the original file name plus a unique identifier. For example, the report “Chart.rpt” was copied as “Chart 8400_10128_{83DD32F7-1580-462D-85C7-C5E04B81EDC5}.rpt”. Each time you run the report the file name will be different. This file contains the full report and can be edited in Crystal reports designer.

    Temp folder reports


Every once in a while, we get the question: “Why doesn't R-Tag support RPZ or similar files with "added" security?” The answer is, usually the "added" security means that the file will be zipped with a password and this approach doesn't work. SAP runtime is not able to read zipped files directly. So, in order to load the report in SAP runtime, the zipped file should be unzipped first. The file will be available twice: when it is unzipped by the 3rd party viewer and when SAP runtime loads it in order to run it.

R-Tag supports 2 ways to protect Crystal reports' files:
  1. Crystal RPTR files. This is a file format provided by SAP. It allows data refresh but does not allow the changing of the database connection or report design. It still creates a copy in the temp folder but this copy is not readable. For reports developers we have a feature allowing them to generate RPTR files for a folder of regular reports. R-Tag version control is also able to generate RPTR files just for reports with changes.

  2. R-Tag is providing a method to restrict user access to RPT files. This method does not require conversion to RPTR. Reports are in RPT format, and users will be able to run them against dynamically set databases. However, you will be able to control which end user has access to the report files in design mode.

Please contact us if you are interested to discuss the options to secure your Crystal reports' files.