Folder Structure Security

  • Hi,

    In report manager we have reports grouped in folders which are our offices, they are organised as follows

    London, Manchester, Leeds, Bristol etc . . .

    Each of these folders contain reports for users located in their specific office.

    The first folder is called public and has reports which all users from all offices have access to.

    We have some users who need access to reports in an office other than their own.

    What is the best way to give them access ? Is this possible without duplicating reports?

  • How do you currently make sure that the London users only get access to the London Reports? I'm guessing it's by security groups?

    IF so just add the user to more than one security group.

    -Luke.

    To help us help you read this[/url]For better help with performance problems please read this[/url]

  • You can aslo set up individual permissions on folders or reports

  • POCTOB (6/10/2010)


    You can aslo set up individual permissions on folders or reports

    While this can be done, I always recommend using security groups as it makes it easier to manage. People come and go and change positions often in a company of any but the very smallest. Using groups makes making the changes easier. All you have to do is ensure that the new user is in all of the same groups as the outgoing user and they get access to all of the same reports without having to modify the security of each report or folder individually and having the possibility of missing one.

    If you are only managing 10 reports for 5 users, then it's one thing but when you are talking about anything larger than that it becomes much easier to use groups.

    -Luke.

    To help us help you read this[/url]For better help with performance problems please read this[/url]

  • Sometimes you have to give user access to limited number of the reports visible for other group. And if it is only one or two users, I don't see a point to create domain group for them. you will end up with number of groups with one of two users in each of them. Each case is different.

  • POCTOB (6/10/2010)


    Sometimes you have to give user access to limited number of the reports visible for other group. And if it is only one or two users, I don't see a point to create domain group for them. you will end up with number of groups with one of two users in each of them. Each case is different.

    While this is true, I find the ability to manage all of the users permission in one tool (ad users and computers) to greatly outweigh having a couple or even a couple of dozen extra groups floating around. If they get in your way put them in their own OU and then you don't have to deal with them through your normal use. Plus there's always the bit about future proofing, how do you know there will only ever be 1 or two users in those groups. What if the company grows, gets acquired, acquires someone else? Additionally, it makes it easier to give your auditors a list of who has access to what, without having to remember those special one off sets of permissions that you gave to individual users. But to each their own.

    -Luke.

    To help us help you read this[/url]For better help with performance problems please read this[/url]

  • Thanks for your replies guys.

    I agree that creating an extra group for users who need access to other folders makes sense as it is a lot easier to manage in the long run and inevitably as the number of reports grows and the user base changes it would be difficult to manage by setting the rights on individual reports.

    On our previous system before reporting services we did use to set up security rights to individual reports and while it was alright in the short term for a few users it became quite a long winded process to add a greater number of users. Additionally we had rely on whoever setup the rights to the report to remember who had access and why.

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply