It seems that the Mendix Reports don't listen to the security rules for the reported entities. On the report all records our shown regardless of the security settings of the respective entities (read access and Xpath constraints) Did I miss a security setting or something, or is this a Mendix bug?
Seems there is no other option than constraining the data in the query of the dataset.
Erwin 't Hoen
Eco, what part of the security settings are you deferring to?
Having "read" access? or Xpath constraints ? based on current user ?
what I mostly use is to create a temporary object in the database to use for the actual reporting. This object is related to the specific user and when preparing my reports I fill that with the information needed in the reports, using normal access (and thus normal security). Once you start your report proper, you will have made sure it contains just what is allowed.