Protecting SSRS reports

  • Is there a way to protect an SSRS report so that no one can copy, modify or export the report? And using security setting is not an option as, we want to protect the Intellectual property or the report.

  • I'm curious about this one too. I have been working on a package of reports but the only way I have so far to protect them is to host them on my own server. I'd love to hear about any other options!

  • I have to say I’m surprised that no one has any ideas on how to protect Intellectual Property “IP” in a SSRS report. This leads me the question why would you ever use SSRS, if you can’t protect your “IP”? I find it hard to beleveid that no one has brought this to MS attention before now.

  • Either that or the solution is so obvious that we totally missed it!

  • Following those thaughts. Try downloading the reports once they are deployed to the server... I just can't find any way to do it at the moment (web access, or sql side).

  • in Report Manager, open report, go to properties, edit button under Report Definition section. You then save the RDL to import back into Management Studio

  • I presume you mean the actual data in the report rather than the actual report definition itself?

    You could prevent the users from exporting the reports by setting the "Visible" property of each rendering method in the rsreportserver.config to false - that stops them from exporting.

    On the other hand, SSRS is a web based tool, so it renders to HTML which anyone can highlight and copy.

    I would be interested in hearing ideas on how this could be achieved though.

  • I was personally talking about the rdl definition... protecting against intellectual property theft. I know the data belongs to the client so I want him to be able to do whatever he pleases with its own data.

  • A custom role that does not include the "Consume reports" task will prevent users from getting the rdl via the web interface.

    Can you deploy remotely?

    As the definitions are store and you cannot modify the way that works - then I don't think it is possible, so it is a bit of an oversight by MS.

  • What do you mean by deploy remotely?

    I guess plan B would be to host the reports on our own servers but then we have to download the databases to our server or something similar... that's another hornets' nest waiting to be walked on.

  • From VS can you deploy to their server?

    Alternatively can you expose their Reporting Services web service so that you can deploy via that? At least this means that the rdl file is never on their network and only stored in the DB?

  • First time I ever hear of that. Any article on how to do this?

  • Here is the msdn reference, I would google around to see what you can find - I would alway encourage people to learn about it anyway to make integrating ssrs with LOB apps easier.

    http://msdn.microsoft.com/en-us/library/ms152787.aspx

    Look at the create report method; http://msdn.microsoft.com/en-us/library/reportservice2005.reportingservice2005.createreport.aspx If you can, creating a simple web front end that allows you to define a deployment location (clients SSRS web service) and schedule information, then you have a powerful tool.

    Here is a different approach; deploy via MSI

    http://www.codeproject.com/KB/reporting-services/SQLReportDeploy.aspx

    Personally I prefer the web service way of doing it, but not all clients like opening up web services to the web like that.

    If I get sometime I will try and put something together about this kind of deployment, no promises though.

  • Hi,

    Actuvally ,I created the data generator dll and we are using that dll as data source in my report.And if any user/developer doesnt have the dll and doent have the credentials they cant able to run the report.

    But i am not sure how to protect the report components like table.

    Thanks,

    Veeren.

    Thanks & Regards,
    Veeren.
    Ignore this if you feel i am Wrong. 😉

  • I would consider using the report viewer control since I've seen an app that we couldn't copy the data (other than typing it out).

    I don't know how secure you need this to be, but asssuming you need to show the data... they'll be able to copy it somehow, at least by typing it out again.

Viewing 15 posts - 1 through 15 (of 23 total)

You must be logged in to reply to this topic. Login to reply