August 19, 2008 at 6:01 am
Hi all,
We are looking at a security policy for our Db and just trying to understand how reporting services checks credentials when running stored procedures. If I run a report in reporting services (click on the view report button) it then fires the code for the stored procedure etc does it pass any credentials into the stored procredure in order to run, or is all the security done completely at a reporting services level before it runs the stored procedure?
Not sure if I have articulated what I am getting at here but I hope i am making sense. :hehe:
August 19, 2008 at 6:12 am
The credentials which are used when you view a report depend on the configuration of the datasource. It could be set either dynamically during execution or a fixed username and password could be set for the datasource.
In case you want to use subscriptions you have to use a fixed username/password.
Hope this answers your question
[font="Verdana"]Markus Bohse[/font]
August 19, 2008 at 6:30 am
Thanks for the quick reply. Just to ensure I understand this correctly If I store the credentials in the data source then the credentials are self contained in reporting services... But if I have select the option not to save the login details then the details will be asked for and passed dynamically to SQL for independent verification...
Is this correct?
August 19, 2008 at 7:09 am
If you look at the options you have with defining a datasource you basically have 4 options.
1. Supply credential interactively when running a report, which menas the user have to enter a username and password.
2. Using fixed credentials stored in the report server.
3. Windows Integrated security
4. No credentials are requirend.
Option 2 means that fixed credentials are stored in RS, but when you run the report SQL Server will still evaluate if that login has the necessary permissons.
If you want to use option 4, the guest user must be enabled and have enough permissions to query the data or execute a stored procedure which is used in the report.
While option 2 and in a way option 4 use fixed credentials, for the other two options the credentials are defined dynamically when the report is run. But in all four cases SQL Server is contacted to evaluate if the user has permissions to access the data.
[font="Verdana"]Markus Bohse[/font]
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply