User Security Issue: User does not have required permission
-
Hello
I have a security related issue in SSRS 2012
I have users in Active directory groups that should define which folders they can see (and, I turn reports they can run)
I want to ensure that individuals can only see folders that relate to the groups they are in
I am looking to secure this at folder level, so
Click next to the folder and select Security
Add the user group (Domain\Group)
Tick Browse
OK
When the user attempts to access SSRS, they get:
User '<Domain>\<Name>' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed
I've followed some instructions that work:
To get this resolved you need to start you Internet Explorer as Administrator -> Run as Administrator then open the url http://<Server name>/Reports this will take you to the "SQL Server Reporting Services" Home page
Click on the "Folder Settings" button.
Click on the "New Role Assignment" button.
Add the Group or user name: DOMAIN\USER_NAME, and permissions you have logged in as.
Click on Ok button.
The issue I have though, is that this sets security at HOME level
I am now having to go into each sub folder and remove the appropriate groups causing broken parent inheritance
I suppose that works but it does seem long winded
Is there a better approach here as this means I have to go in and remove groups every time I create a new one
I would really expect to have no access unless you are added to a sub folder
Thanks
Damian.
- Damian
-
SSRS is wierd; that UAC error message is misleading.
there are TWO places you have to add the same group or user:
Lowell
--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible! -
Thanks
Via Site Settings, If you set the role up as System User, it looks to provide 'View system properties, shared schedules, and allow use of Report Builder or other clients that execute report definitions'
Setting this provides Report Builder
Can I prevent this?
How would I provide a user with:
General access to Reporting Services
ONLY the ability to view certain folders
Within those folders, ONLY the ability to run reports, view what reports are available and create subscriptions i.e. Browser Role
Thanks
Damian.
- Damian
-
Looks like I need to create a New System Role Assignment
http://searchsqlserver.techtarget.com/tip/Managing-permissions-in-SQL-Server-Reporting-Services">
http://searchsqlserver.techtarget.com/tip/Managing-permissions-in-SQL-Server-Reporting-Services
Problem is, if I go into Site Setting; Security; New Role Assignment, I do not have the ability to create a new system role, I only have the 2 default roles (System Administrator and System User)
I cannot see 'Configure system-level role definitions'
Does anybody know what I am missing here?
Looks like I can edit via SSMS
Connect to the SSRS instance and amend security there
So, the only issue that remains now is how to selectively remove Report Builder
Any thoughts?
Thanks
Damian.
- Damian
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply