Why does everyone have access to all reports?

  • I've inherited an instance of SSRS 2005 that was previously set up by someone who is no longer here. The problem is everyone in my company has full access to all folders and reports through Report Manager!

    I checked the Security pages through Report Manager for all of the folders and individual reports and the only thing listed is BUILTIN\Administrators (Role=Content Manager). I checked with my network admin and no one here is an admin on that SSRS server except for our network manager, so I cannot figure out how this is happening.

    How is this possible in SSRS? I thought you had to explicitly assign a network login to each folder and report? Can you somehow disable SSRS security in Report Manager or some other way?

  • A screenshot may help

    so there's no weird groups under Home -> Properties -> Security?

    not just the Report Folder (if any), Home is the parent folder and children folders by default inherit the permissions

    SQLServerNewbieMCITP: Database Administrator SQL Server 2005
  • No, no weird groups at all. The only group under Home,Properties,Security is:

    BUILTIN\Administrators

    In fact, all folders and reports only have this listed under Security!

    I've been reading more into this and think it might be related to setup in IIS: For that virtual directory, if I click on Properties, Directory Security, then Edit (Authentication and access control) it shows the box marked "Enable Anonymous Access" is checked! So I might try unchecking that to see if it works. Also related might be the RSReportServer.config file has

    Which means "Secure connections are not required but can be used". Should I also change this Value to 3 which means "All communication must use secure connections."? What is the default when installing SSRS (I'm guessing someone changed this after installation)?

  • I've encountered a similar issue before. You might want to make sure that the server is getting the right authentication. Write a small report that just displays the user name of who the report is being run by, double check to make sure it returns unique names rather than everyone running in the same context.

    Brad

  • Probably not a solution for anyone else, but I was in the same boat. However, this was on a test server that another guy in my department set up. On a hunch, I looked at the Built In Admin group and lo and behold that Domain Users group was added to it! That will give everyone access to everything...

  • We're experiencing the same thing currently and have found that our server team have the anonymous user checked, but have also placed the anonymous user in the administrators group... therefore it's a builtin administrator by default.

    Undoing it seems to be more of a headache.

  • ecalbers (10/9/2009)


    We're experiencing the same thing currently and have found that our server team have the anonymous user checked, but have also placed the anonymous user in the administrators group... therefore it's a builtin administrator by default.

    Undoing it seems to be more of a headache.

    I don't understand what you mean because the anonymous user in Win2003 and up is not even a member of the default everybody group so this is created by someone in your company so they need to change it or your team members are unskilled.

    Kind regards,
    Gift Peddie

  • I think our issue may be unique because the software vendor that we are dealing with specifically are relying on the anonymous user... I'm not too familiar with the security aspect, but I know that it's causing some headaches.

  • ecalbers (10/9/2009)


    I think our issue may be unique because the software vendor that we are dealing with specifically are relying on the anonymous user... I'm not too familiar with the security aspect, but I know that it's causing some headaches.

    That explains it which takes me to who paid for such a carelessly developed reporting software? The reason is reports in a company go to only those who need to see these reports so buying a packaged software allowing anonymous access to report manager is not a good idea.

    Kind regards,
    Gift Peddie

  • Maybe you can set user name and password for the report.

    RAQ Report: Web-based Excel-like Java reporting tool
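
Two replies above traced the problem to who is in the server's local Administrators group (Domain Users in one case, the IIS anonymous account in the other), which BUILTIN\Administrators maps to Content Manager. The script below is an added example, not code from any poster in this thread: it lists that group's members and flags broad or anonymous principals. It assumes an English-language group name, and the pattern list is an illustrative starting set.

```powershell
# Added example: audit the local Administrators group on an SSRS server.
# Uses the ADSI WinNT provider, so it works on older Windows versions
# that do not have the Get-LocalGroupMember cmdlet (needs PowerShell 2.0+).
param([string]$Computer = $env:COMPUTERNAME)

# Principals that should not be local administrators on a report server.
# IUSR_* and IWAM_* are the IIS anonymous and worker-process accounts.
# Assumption: this list is illustrative; extend it for your environment.
$riskyPatterns = @(
    '^Domain Users$', '^Everyone$', '^Authenticated Users$', '^Users$',
    '^Guests?$', '^ANONYMOUS LOGON$', '^IUSR(_.*)?$', '^IWAM_.*$'
)

# Assumption: the group is named "Administrators" (English-language OS).
$group = [ADSI]"WinNT://$Computer/Administrators,group"

$report = foreach ($member in @($group.psbase.Invoke('Members'))) {
    # Members come back as COM objects; read properties via reflection.
    $type  = $member.GetType()
    $name  = $type.InvokeMember('Name',    'GetProperty', $null, $member, $null)
    $class = $type.InvokeMember('Class',   'GetProperty', $null, $member, $null)
    $path  = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)

    $risky = $false
    foreach ($pattern in $riskyPatterns) {
        if ($name -match $pattern) { $risky = $true; break }
    }

    New-Object PSObject -Property @{
        Name  = $name     # e.g. "Domain Users"
        Class = $class    # "User" or "Group"
        Path  = $path     # WinNT://DOMAIN/Name shows where the principal lives
        Risky = $risky
    }
}

$report | Sort-Object Risky -Descending |
    Format-Table Risky, Class, Name, Path -AutoSize

$flagged = @($report | Where-Object { $_.Risky })
if ($flagged.Count -gt 0) {
    Write-Warning ("{0} broad or anonymous principal(s) are local administrators; each one is a Content Manager through BUILTIN\Administrators." -f $flagged.Count)
}
```

Nested groups are not expanded, so any domain group that appears in the output needs its own membership reviewed.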
