January 12, 2012 at 8:58 am
I uploaded files using Report Manager 3.0 and added a persons Active directory account and gave the person the Browser Role to a folder and its reports. That person was able to delete the reports with only the Browser role assigned.
I do not understand why that is possible when the Role is called "BROWSER"
Also if for what ever obscure and illogical reason this is normal could someone let me know what function I can uncheck using the Management Studio -User Role Properties tool to take this ability away?
As always - Thank you
January 12, 2012 at 9:01 am
Is the person a member of an AD group that has been granted different permissions in Report Manager?
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
January 12, 2012 at 9:08 am
They may have different permissions in a different folders within Report Manager. As far as their actual AD rights for their own PC login I am not certain of the rights given for that other than that we are all part of a domain.
January 12, 2012 at 9:13 am
I would check with the Dom Admin. Get a list of the groups that exist in the folder where this person was able to delete. Take that to the Dom Admin and ask if the person is in any of those groups.
If that person is in those groups, and the permissions are more relaxed for the group, then we'll know why s/he was able to delete.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
January 12, 2012 at 9:19 am
Some additional clarification.
Currently each individuals ad account is its own role. In otherwords I do not have any groups within a role. Does this change what to look into...?
January 12, 2012 at 9:28 am
Yes a bit. If you have not defined any Groups in report manager for access, then this person does not have permissions to delete reports that s/he did not create.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
January 12, 2012 at 9:41 am
ok if that is the case what could possibly be causing someone having more abilities than the role should be supplying?
Any thoughts no matter how far fetched would be greatly appreciated.
January 12, 2012 at 9:43 am
The person is logging in as somebody else with more permissions.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
January 12, 2012 at 10:21 am
I can understand how that would effect things. However emailed the link to the person and it was opened at the persons PC which she logged into using her own AD account.
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply