March 5, 2012 at 1:34 pm
Hello,
A new member joined in our team , i have to configure access to reports folder
which has around 100 folder and more than 1500 report all are not give permission based on folder or parent folder access.
now i have to give access to all reports with admin access, how to go about in a easy way.
it is pratically impossible for anyone to check the folder and give access of that type.
Kindly suggest.
Regards
Durai Nagarajan
March 5, 2012 at 3:20 pm
If they should have administrator access to everything then you can add them as an administrator at the top level and that should apply to all levels.
In reality, you should be using AD groups to manage security.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
March 6, 2012 at 1:49 am
+1 on the AD groups, by far the best way to manage SSRS security
To add on to what Jack already said, if they do not warrent the need to be a SSRS system administrator at the top level, but at folder and report levels and your not using AD groups, its a pain staking job of adding the account in to each folder/report that the user needs access too with the right permission levels
March 6, 2012 at 12:12 pm
Hello,
we are using domain accounts.
we have configured Content Manager to the user on top folder still he cant able to see most of the sub folders.
new folders and reports are accessible.
Regards
Durai Nagarajan
March 6, 2012 at 12:28 pm
domain accounts and groups are two different things,
the objects to which the user cannot see will not be set at home level security. You will need to go through all the folders and either revert them to parent security or add the account or group access to the folders
March 6, 2012 at 12:36 pm
as mentioned earlier we have so many folders is there a short way to complete this.
Regards
Durai Nagarajan
March 6, 2012 at 12:44 pm
nope, it is a pain staking process to go through and change the security. That is why you see so many people talking about security groups in ad which are set at ssrs level so you dont have to go through 1000 folders and 10000000 reports each time you add a new user
March 7, 2012 at 7:51 am
If you don't have access to AD groups (to create new ones and insert the people in them), then you can create groups on the local SQL Server box and add them manually there. Then just add that local group as the group to give access to in the Reporting Services folder. Then you just have to add people to the appropriate local groups and they will get the report access according to those group permissions.
One of the vendors we use did it that way on the system that houses their databases and reports.
March 7, 2012 at 12:03 pm
viking can you help in setting up that.
if any doc anything available kindly share it.
Regards
Durai Nagarajan
March 7, 2012 at 12:38 pm
Sure.
If on Server 2003, do a right-click on My Computer and choose Manage. Under System Tools, expand Local Users and Groups.
On Server 2008, go to Server Manager, and expand Configuration on the left side, and expand Local Users and Groups.
-------------------------------------
Create a new local Group (right-click Groups and choose New Group), something like SalesReportUsers, and add Windows users to it that are ok to run the reports. You can also add another group called SalesReportMakers, and add Windows users to it that you will allow to actually create and install reports.
Also, create a group that will include ALL domain users, something like AllRptUsers.
Note that SSRS requires windows authentication for users who run or create reports (the actual reports can use Windows or SQL Server authentication for the data retrieval).
Then, in the SSRS administration screens, set the permissions for each directory and/or specific report for the local group that should have access to those reports, or creation permissions.
Important - Make sure to give the AllRptUsers local group access to the SSRS home page. That way, all users can see the directories, but only the ones that have access to those directories can actually choose them and see what is in them (once those permissions are set as well). If this is not done, nobody will be able to get to the SSRS website.
Then, as new users need to be added, just figure out what groups they should belong to and add them in the Local Groups as Windows users. The SSRS permissions are already set for those groups (assuming you did so above), so no further action would be needed.
Hope that helps.
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply