Managing Security in Report Manager

  • Hi Everyone,

    I have come across a very weird situation which I'm unable to figure out. We have a situation where users are able to access a folder in the report manager (http://ReportServer/Reports) for which they don't have access and are able to add or delete groups and users in the security tab, which gives them access to view the reports, which they are not supposed to do.

    I would appreciate it if someone could assist me with why everyone is able to do that.

    Thanks!

  • Do they have access via AD groups maybe?

  • Hi,

    First of all, I would like to thank you for the prompt response. I don't think that they have access through AD because the people who are able to update the security are not in the AD group that has access.

    My question here would be how are these people able to view the folders and reports within that when they are not in the role that has access to these folders?

    Thanks again

  • I had no idea beyond maybe they are in an admin group. I'm really no expert in security. I just have 2 groups here. CEO group and normal users.

    The only difference is 2 folders for the CEO and that's it.

    I've never studied much beyond those needs.

    I'll step aside unless I have other ideas or you have more hints.

    Good luck with this.

  • Here is something I've noticed.

    The Security at the Home tab has the below groups:

    1. BUILTIN\Administrators with role: Content Manager

    2. <ReportServer>\DPMDBAdministrators$<ReportServerName> with role: DPMAdminsRole

    Do you think any of these is giving access?

  • Here's how I would debug this.

    Take another server, make a clean install. And then compare what's different security wise. I'm sure it's just a simple tweak or two.

    Can't think of anything else useful at the moment.

  • The two groups you mentioned could have an impact. Can you go into the local users and groups console and verify what users have been added to the local admins (BUILTIN\Administrators) and the <ReportServer>\DPMDBAdministrators$CHI01DPM groups? You may find out that authenticated users or another group has been added to one of these groups, which is allowing the unauthorized access. A clean install should show that only the BUILTIN\administrators group is given administrative permissions initially.

  • Just check DPMAdminsRole in "site settings -> Item-Level Roles"

    DPMAdminsRole has Manage folder permission given.

    Regards
    Durai Nagarajan
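
Added example (not part of the thread and not posted by any participant): a read-only query that lists every folder where the two roles named above, Content Manager and DPMAdminsRole, are assigned, and whether the assignment is set on the folder itself or inherited from a parent such as Home. It assumes the catalog database has the default name ReportServer and the table and column names that SSRS installs normally create (Catalog, PolicyUserRole, Users, Roles); that schema is not documented by Microsoft and can differ between versions.

```sql
-- Added example: audit which principals hold the two roles from this thread
-- on each Report Manager folder. Read-only; run as a login with SELECT rights.
-- Assumption: the catalog database is named ReportServer (the default).
USE ReportServer;

SELECT
    CASE WHEN c.Path = '' THEN '/ (Home)' ELSE c.Path END AS FolderPath,
    -- PolicyRoot = 1 means the folder carries its own role assignments;
    -- 0 means it reuses the policy of the nearest parent that has one.
    CASE c.PolicyRoot
        WHEN 1 THEN 'set on this folder'
        ELSE 'inherited from parent'
    END                                                   AS AssignmentSource,
    u.UserName                                            AS Principal,
    r.RoleName,
    r.Description                                         AS RoleDescription
FROM dbo.Catalog        AS c
JOIN dbo.PolicyUserRole AS pur ON pur.PolicyID = c.PolicyID
JOIN dbo.Users          AS u   ON u.UserID     = pur.UserID
JOIN dbo.Roles          AS r   ON r.RoleID     = pur.RoleID
WHERE c.Type = 1                                   -- 1 = folder
  AND r.RoleName IN (N'Content Manager',           -- role names taken from
                     N'DPMAdminsRole')             -- the posts above
ORDER BY c.Path, u.UserName, r.RoleName;
```

Rows marked "inherited from parent" show folders that pick up the Home-level groups; the members of those Windows groups still have to be checked in the local users and groups console, because the catalog stores only the group name.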
