How to secure XLSReport functionality

Hi there, my requirement is: Users should only be allowed to export data they have regular access to. Problem: By default, reports are generated in system context and all existing data is included. Any ideas that don't require maintaining intermediate data entities? regards, Fabian
1 answers

As far as I can tell, XLSReport uses OQL behind the scenes, so having entity access monitored looks impossible.

What worked for us was using the client API to retrieve data either via XPath or an access-protected Datasource Microflow, and then rendering the Excel on the client side with ExcelJS.