May 17, 2012 at 4:06 am
What are the different options to configure access rights to a report in ssrs?.Please let me know all the options briefly.Is it possible to apply security to reports on a db level ?
May 17, 2012 at 4:18 am
annoymous authentication to the web site - as it implies no authentication, everyone can see
forms based authentication - uses forms to authenticated to the web site
custom authentication - write your own to do your own custom authentication
windows authentication - standard, uses windows accounts.
you apply security to the report at the report server level, you then secure who can see that report in SSRS, then is uses the data source with credentials you supply to connect to the database, which is why windows authentication is the best way as you limit what the accounts can and cannot see at both the SSRS level and the database level.
May 18, 2012 at 8:17 am
One of our vendors implemented Reporting Services on their solution by using local groups (created on the box with SQl Server and Reporting Services) to define the users and their abilities (according to which group they were placed in). It was an interesting solution, since you don't have to know Reporting Services to assign permissions to see reports. Any sys admin that has rights to assign members to groups on the box can assign the users to the correct groups to give the permissions needed (since the Reporting Services directory has the proper permissions set for the desired groups). Then, you just add whoever you want to the groups, and they will have access to those reports.
One thing to remember is that, for a user, Windows Authentication is required to go to the RS main menu, to have access to the reports contained there, and in any directories set up.
I wrote up a small tutorial on it. Here it is. Hope it helps.
How to use Local Groups to frame the SSRS permissions
If on Server 2003, do a right-click on My Computer and choose Manage. Under System Tools, expand Local Users and Groups.
On Server 2008, go to Server Manager, and expand Configuration on the left side, and expand Local Users and Groups.
Create a new local Group (right-click Groups and choose New Group), something like SalesReportUsers, and add Windows users to it that are ok to run the reports. You can also add another group called SalesReportMakers, and add Windows users to it that you will allow to actually create and install reports.
Also, create a group that will include ALL domain users, something like AllRptUsers.
Note that SSRS requires windows authentication for users who run or create reports (the actual reports can use Windows or SQL Server authentication for the data retrieval).
Then, in the SSRS administration screens, set the permissions for each directory and/or specific report for the local group that should have access to those reports, or creation permissions.
Important - Make sure to give the AllRptUsers local group access to the SSRS home page. That way, all users can see the directories, but only the ones that have access to those directories can actually choose them and see what is in them (once those permissions are set as well). If this is not done, nobody will be able to get to the SSRS website, since no one will have access to the home page.
Then, as new users need to be added, just figure out what groups they should belong to and add them in the Local Groups as Windows users. The SSRS permissions are already set for those groups (assuming you did so above), so no further action would be needed.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply