Reporting Configuration & Permissions

In 18R1, we updated Vault’s reporting capabilities to make it easier for customers to organize reports across their vaults. Changes include:

  • An updated Reports tab
  • A new Reports object, with an object record for each existing report in your vault
  • Changes to report Audit Logs
  • Updated groups
  • Updated permissions sets

See Reporting Overview for information about the updated Reports tab. See details below for information about the changes to reporting, configuration options, and how this change impacts your vault and users.

About the Report Object

Reports are now managed as individual Report object records. For each report that you create, Vault creates a Report object record with the following fields:

Field Name Data type Description
Name Text (128) Report name
Description Text (255) Report description
Report Type* Picklist or Object Report type; note that the picklist only includes predefined document relationship reports
Created By Object (User) User who created the report
Last Modified By Object (User) User who last modified the report
Created Date DateTime Date on which the report was created
Last Modified Date DateTime Date on which the report was last modified
Status Picklist Current status of the report
ID ID Report object record ID
Lifecycle State Component Current lifecycle state the report is in; this shows whether or not the report is a Flash Report
Runs As (Flash Reports Only) Object (User) User who ran a Flash Report
Schedule (Flash Reports Only) Text When a Flash Report is scheduled to run
Last Ran (Flash Reports Only) DateTime Date and time the Flash Report was last run
Public Key Text (existing) The field name for the report
Is Shared? Yes/No Whether or not the report is shared with other users
Tags Multi-value picklist Any tags assigned to the report
Report Type Alias Text (Dev defined) The alias for a report; this is only applicable for document relationship reports whose report type is not predefined

When viewing reports, users can add these fields to the tabular view, as well as utilize them in search and as filters. Note that users can only edit the Name, Description, and Tags fields. See below for more information about tags.

Configuring the Tags Picklist

You can add and manage report tags in the Tags picklist to assist users in sorting and filtering reports. For example, you may add tags for certain users, such as CRA, or certain applications, such as Coder. Users can assign these tags to reports from the Reports tab, and then filter on or search the tags.

Audit Logs

In previous releases, reporting actions were recorded in the System Audit History page of the Audit Logs. Now that reports are now managed as Report object records, Vault records reporting actions in the Object Record Audit History page. For more information about these pages, see Viewing Admin Audit Logs. Note that you can still see previous reporting audit logs in the System Audit History.


The following limits affect reports in 18R1:

  • Report labels and descriptions are no longer translatable.
  • Users with the Read-Only and External license types can be assigned a Viewer or Editor role even though they cannot view reports.

Dynamic Access Control for Reports

Vault now uses Custom Sharing Rules and Manual Assignment to share reports and manage user access. Note that new security and roles in 18R1 function in the same way as security profiles and permissions in previous releases.

User Groups

Vault includes two new system-managed groups that control the ability for certain security profiles to view and edit all reports:

  • Report Administrators: This group includes security profiles that are granted the right to read and edit all reports except flash reports. This group contains the System Administrators and Business Administrators security profiles, as well as custom security profiles that previously included the Reporting: Administer permission.
  • Report Owners: This group includes security profiles that are granted the right to read and edit all reports, including flash reports. Any user with the Vault Owner security profile is now added to the Report Owners group.

Note that you can also add additional security profiles to either group.

Manual Assignments to Share Reports

Sharing reports is now done through manual assignment. Users with an Owner or Editor role on a given Report object record can add other users or groups to an Editor or Viewer role. Owners can also assign other users or groups to an Owner role. Users can assign roles to share a report from the report’s Sharing Settings page.

In previous releases, the ability to work with reports depended on the Reporting application permissions. In 18R1, the main reporting permissions are object permissions, which allow you to view, create, edit, and delete Report object records and manage reports at the object level. The Reporting application permissions are also renamed Dashboards & Reports. Note that some Dashboards & Reports application permissions are still required. In addition, there are several changes to tabs permissions.

The following permissions now control the ability to work with reports:

Type Permission Label Controls
Security Profile Object: Report: Read Ability to view reports that other users have shared with you.
Security Profile Object: Report: Create Ability to create new reports.
Security Profile Object: Report: Edit Ability to edit any reports that you created or to which other users have given you the Editor role.
Security Profile Object: Report: Delete Ability to delete your own reports or reports to which other users have given you the Editor role.
Security Profile Application: Dashboards & Reports: Read Dashboards & Reports Ability to access reports. This also prevents Read-only Users and External Users from accessing reports, including Flash Reports sent via email.
Security Profile Application: Dashboards & Reports: Schedule Reports Ability to use the Schedule action to schedule flash reports.
Security Profile Tabs: Reporting: Reports: View Ability to see the Reports tab.