February 9, 2016 at 5:08 am
To prevent people in France seeing UK data and vice versa, we have an EMEA report with a country pick list, which is accessible to certain people, and then we created a linked copy into a UK folder and another into the France folder with the country parameter, hidden and defaulted accordingly, so we can give permission to the UK only user to only see/run the report in the UK folder which is fixed to run against UK data etc.
This works perfectly fine and ensures all countries view the 'same' report, so maintenance/development is easy.
However if they go to create a subscription then the hidden parameter is now visible and they could change it to France etc.
What is the best way to solve this? apart from not allowing subscriptions for the users in that folder, as we want to encourage self-service
If I have to go down the route of a security table, so is applied in the report query, then this removes the purpose of a linked report, and we could get away with just 1 report, but the query would be more complex, plus the design of an app to maintain this data level security.
This is SQL 2008R2 Standard, but I guess it is the same problem in any version. (data driven subscription not an option)
thanks in advance.
February 9, 2016 at 11:01 am
Bit of a tricky one. An idea might be to use the ReportFolder global as the parameter value to determine the country it is running for from the folder path. You can then set your parameter to Internal and then it cannot be accessed from the subscription or via URL access.
This way the location of the linked report will determine to parameter value and you wont need a security list.
N.b. Tried this after I wrote it. The gotcha is that Globals!ReportFolder is empty when running the report in BIDS. You can hardcode a default or set the parameter to allow nulls while working on it.
February 10, 2016 at 9:22 am
Hi,
thanks for that great idea, it sounds like it would work and I'll give it a go.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply