Least Privilege

  • Comments posted to this topic are about the item Least Privilege

  • There is a difference between 'secure' & 'insecure' and while I strive for former, I am often obliged to settle for the latter.

    A case in point: SQL Server Reporting Services.

    I recently upgraded SSRS from SQL Server 2014 to 2022. The domain login that had been used for inter-server connections (and for the File Share Account) suddenly didn't work any more. The sysadmins told me that the account is unchanged from their end. I only found out towards the end of restoring reports that I could no longer save reports automatically to the network using the dedicated domain login. Meh.

    But I have other work that needs doing. So, I stuck in my work domain account into SSRS and that worked. This is a major security no-no. The alternative is to go to each co-worker and tell them to manage their own reports, that subscriptions no longer work in SSRS. I'd love to be able to spend a couple of days reading up Microsoft Learn, Stack Overflow, SSC and endless blogs to find out what the cause might be. Now, I think that Microsoft changed SSRS so that domain logins now require logon-rights for the domain login used by the File Share Account but I have to follow up on this. Microsoft Learn is neither a quick nor an easy read.

    In retrospect, I should have created a new reports server in parallel but then, in my naivete, I never expected that SSRS would cause me days of extra work and oblige me to engage in less-than-desirable security arrangements.

    • This reply was modified 4 months, 1 week ago by  sean redmond.

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply