May 2, 2017 at 5:08 am
Hi all,
We run a shared application in IIS on .net. I am looking for a way to provide user generated reports that application admins can access via a browser and create reports.
The kicker is that each admin will be accessing the same database from different URLS and must only have access to data assigned to that URL via applicationIDs that are stored within each row in the DBs.
Before I delve into reporting services for the first time I was wondering if this sort of partitioning is even possible. Cursory examination of the setup process suggests not.
Thanks for any advice.
Rolf
May 2, 2017 at 6:16 am
kangarolf - Tuesday, May 2, 2017 5:08 AMHi all,We run a shared application in IIS on .net. I am looking for a way to provide user generated reports that application admins can access via a browser and create reports.
The kicker is that each admin will be accessing the same database from different URLS and must only have access to data assigned to that URL via applicationIDs that are stored within each row in the DBs.
Before I delve into reporting services for the first time I was wondering if this sort of partitioning is even possible. Cursory examination of the setup process suggests not.Thanks for any advice.
Rolf
If you want it to be automated, Row-Level Security would be the option. However, that's only available on SQL Server 2016.
For some manual control, you can use views on different schemas. Depending on how you can validate the permissions, your object count can go exponentially high or you might need to just add a few of them.
One last option is to define the reports yourself or assign them to a team, so the admins won't have the ability to create or modify them to access data they shouldn't access.
Be sure that the reports and urls are not the only security to prevent unauthorized users to access data they shouldn't.
May 2, 2017 at 7:36 am
Hi there,
thanks for taking the time to reply.
Creating lots of views for each possible table structure for each application is probably more work than what I do now manually. We are on 2012 so no row level security.
I seem to be running into this problem everywhere and it might be a case of rolling my own and integrating with a decent graphing library as everything I look at is designed around the assumption that you want to give access to the database rather than to certain rows.
If anyone knows anything that might help I'd love to hear about it.
Thanks
Rolf
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply