It would be great to have an obfuscate access type (on top of deny, grant) so that Column Based Security policies will permit a user to run a report that contains a field they don't have access to (i.e. the column should present empty/contain no data).
Currently, Column Based Security policy will force a user to remove fields denied to them, from an existing ad hoc view (as demonstrated https://www.jaspersoft.com/resources/demand-webinar/dr-jaspersoft-domain-security-files). Once those fields are removed, saving the ad hoc view corrupts the view for a suitably authorised user. Furthermore, a user is not able to run a report (at all) if it contains a field denied to them.
Obfuscate might simply nullify or zero the column at the SQL time or present empty cell values at the presentation layer (with appropriate UI messaging).
Components | JasperReports Server, AdHoc, Domains |