Share this page
Excel reports security model
Anyone who can modify PPM report types and add a file in the Excel templates directory can create a new Excel report.
You can configure in the report type to control which PPM users can run the report. However, no security check is performed when the report is run. That means that if a PPM user does not have access to a specific project in PPM but there's a report that retrieves data from this project (either through a dashboard data source or a direct SQL), the PPM user can view this project’s data in the report as long as the user can execute or view the report.
Note: Because scripting is allowed in the Excel template and scripting enables users to run arbitrary code on the PPM server, only trusted users can have the authority to modify the Excel templates stored on the PPM server. Excel templates on PPM server should be treated with the same level of caution as JSP files.
