March 12, 2012 at 4:35 am
Has anyone successfully deployed SSRS in to an internet facing solution and how are you managing security for it?
I've read this article here and totally understand the concepts.
Are you giving the external users an active directory account on your domain which has browser access to SSRS and then limited read access to the db back end or are you doing something which involves a login page then you get access to SSRS and if so how do you limit what folders they can see at the home page.
Only ever done SSRS as an internal deployment in the past so this is all new to me.
March 12, 2012 at 7:23 am
You might want to consider SSRS Security extensions. I see them mentioned in your article link.
A lot of people in this situation also use ASP.Net as the external facing front end, and call the reports from an internal SSRS server.
March 12, 2012 at 7:40 am
thanks, I think my little understanding of programming languages lets me down on this.
i've only ever had exposure to T-SQL as I'm a DBA, never been a developer so think I might have to pass this to the website solution architects to look through as its their main goal. I'm comforatble in ensuring SSRS is configured reports deployed and accessable, then will require collaboration to get it finalised.
March 12, 2012 at 8:49 am
anthony.green (3/12/2012)
thanks, I think my little understanding of programming languages lets me down on this.i've only ever had exposure to T-SQL as I'm a DBA, never been a developer so think I might have to pass this to the website solution architects to look through as its their main goal. I'm comforatble in ensuring SSRS is configured reports deployed and accessable, then will require collaboration to get it finalised.
I think its fairly easy to learn ASP.NET. You can use SSRS controls in ASP.NET to create internet facing SSRS solution. You even don't need to type code. There are controls and you just need to configure properties of these controls.
Regards,
Basit A. Farooq (MSC Computing, MCITP SQL Server 2005 & 2008, MCDBA SQL Server 2000)
http://basitaalishan.comMarch 12, 2012 at 8:53 am
Thanks Basit, I'm diving deeper into this when I get a moment aside from the other things I'm working on.
One thing I would like to know is say I have 1million users and 1million reports, each user is assigned 1 report. If I went down forms authentication and transposed the SSRS homepage to the users how would it lock down to just their one report and not all 1million reports? Thats the big deal as we dont want companies seeing other companies data. Doing this using AD groups is easy, but not so sure at a forms authentication level as I am guessing the IIS user needs to be able to see the reportserver url to get the rdl's
March 12, 2012 at 9:07 am
anthony.green (3/12/2012)
Thanks Basit, I'm diving deeper into this when I get a moment aside from the other things I'm working on.One thing I would like to know is say I have 1million users and 1million reports, each user is assigned 1 report. If I went down forms authentication and transposed the SSRS homepage to the users how would it lock down to just their one report and not all 1million reports? Thats the big deal as we dont want companies seeing other companies data. Doing this using AD groups is easy, but not so sure at a forms authentication level as I am guessing the IIS user needs to be able to see the reportserver url to get the rdl's
This is possible. If you read form based security section of .NET Web Based Client Application book for MCTS 70-526 this shows clearly how you can secure reports. You can actually define your group and associate each user to there own group and then grant permission to user to these groups.
Can I ask why permissions have been granted to each user.
Regards,
Basit A. Farooq (MSC Computing, MCITP SQL Server 2005 & 2008, MCDBA SQL Server 2000)
http://basitaalishan.comMarch 12, 2012 at 9:12 am
as a next step in the product lifecycle is our service in a box which comes with a set of reports specific to that client.
we have a current user base of over 1.3million users across the globe and theoretically each one could login and access SSRS at any one time and we only want their specific reports to display not the full catalog.
the example I gave below is just a concept, this is still in the development phases yet
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply