How to give permissions to groups of users

  • I've been given a new task today. My client wants to be able to create a permissions granting application.

    Basically something similar to AD where we can have groups, we assign permissions to the group on what reports they can see, then we assign users to that group.

    I'm sure someone has done this before but I can't seem to use the right search terms.

    TIA for anything useful on the subject (article to read, 3rd party applications, anything is welcomed at this point).

  • Do you mean you have a set of Reporting Services reports that you want to use a custom permissions solution for, instead of setting up the groups in AD and using the built-in SSRS security?

  • We are open to anything at this point. I have never read about, and even less implemented, anything of the sort.

    Do you have anything I can read up on the subject?

  • If you are just talking about setting up security for Reporting Services reports you can start with BOL. Reporting Services uses Active Directory so you just need to deploy reports within a reporting services folder structure and grant access to the folders based on AD groups.

    You create Reporting Services folders using the report manager web interface (http://reportservername/reports). You can then go to the folder properties -> security and grant rights to users or groups. Then you deploy reports to the folders by specifying in your report project configuration that you are deploying to http://reportservername/reportserver/foldername.

  • Let me just throw something else out there... those permissions need to be able to be set by the directors of the shop (without the intervention of the IT group if possible).

    Does your alternative allow us to do that seamlessly?

    BOL... the one place I didn't search for that!!! :w00t:

  • Well, that's a problem, obviously. If you are talking about using AD groups to manage security, then whoever is managing it has to have rights to modify AD.

    As far as I know, and I am not a true expert, the only way to manage access to RS reports is through AD. You could write a report permissions database with tables like: users, groups, reports, user_groups, group_reports. Then each report query would go out and verify that the user has rights to run the report and, if they do, return the data; if not, return an empty dataset. Or you could do a permissions DLL that you include in the report that runs first (this is off the top of my head) and if it returns true then run the report query, else make an object visible that says "User, x, does not have permissions to run this report".

    Both of the solutions I have listed seem kind of hacky though. Then of course you need to write the app for the managers to manage permissions.

    Or, last, you could create an app that uses a specific account that has the minimum AD rights to add users to groups and let the managers use that to manage permissions.
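
The permissions-database approach from the reply above, sketched as an added example that is not part of the original thread. It uses the five table names from the post; SQLite (driven from Python) stands in for SQL Server, and the `sales` table, logins and report names are constructed sample data.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users   (user_id INTEGER PRIMARY KEY, login TEXT NOT NULL UNIQUE);
CREATE TABLE "groups" (group_id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE reports (report_id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE user_groups (
    user_id  INTEGER NOT NULL REFERENCES users(user_id),
    group_id INTEGER NOT NULL REFERENCES "groups"(group_id),
    PRIMARY KEY (user_id, group_id));
CREATE TABLE group_reports (
    group_id  INTEGER NOT NULL REFERENCES "groups"(group_id),
    report_id INTEGER NOT NULL REFERENCES reports(report_id),
    PRIMARY KEY (group_id, report_id));
CREATE TABLE sales (region TEXT, amount INTEGER);
-- Constructed sample rows: alice is in 'directors', which may see one report.
INSERT INTO users   VALUES (1, 'alice'), (2, 'bob');
INSERT INTO "groups" VALUES (1, 'directors');
INSERT INTO reports VALUES (1, 'sales_by_region'), (2, 'payroll');
INSERT INTO user_groups   VALUES (1, 1);
INSERT INTO group_reports VALUES (1, 1);
INSERT INTO sales VALUES ('East', 100), ('West', 250);
"""

# True only when some group the user belongs to is granted the report.
ALLOWED = """
EXISTS (SELECT 1 FROM users u
        JOIN user_groups   ug ON ug.user_id  = u.user_id
        JOIN group_reports gr ON gr.group_id = ug.group_id
        JOIN reports       r  ON r.report_id = gr.report_id
        WHERE u.login = ? AND r.name = ?)
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def can_run(conn, login, report):
    # Deny by default: unknown users, unknown reports and missing grants
    # all evaluate to False.
    row = conn.execute("SELECT " + ALLOWED, (login, report)).fetchone()
    return bool(row[0])

def run_sales_report(conn, login):
    # The permission check is part of the report query itself, so a caller
    # without a grant gets an empty dataset, as the post describes.
    sql = "SELECT region, amount FROM sales WHERE " + ALLOWED + " ORDER BY region"
    return conn.execute(sql, (login, "sales_by_region")).fetchall()
```

In a real report the login passed to the query has to come from the authenticated session (in SSRS, the built-in `User!UserID` field), not from a parameter the caller can type.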

  • Thanks Jack, awesome information and we seem to be thinking somewhat alike (I was going with making the permissions app myself and integrating it with the C# app that we have to display the report... but I kind of dread making the app that sets the permissions).

    I'll present that and see what they want to do.

    Thanks a million.
