Using stored procedures versus roles

  • Hi

    Using

    I've created an user especially for reporting purposes given the role datareader.

    Now I want to access a stored procedure in my report (VS2008 Report builder) but i cannot do so because this user has no role of excecution.

    What's the best way to secure the reports ?

    Give the rights of execution to this user ?

    Kind regards


    JV

  • I don't know if it considered the best way, but it is what I do.

  • I think a little more explanation is in order.

    Security for reports, and security for the stored procedure do not need to be the same. The user set up to use your data source in the report manager must have execution access to the stored procedure. However you can use different users and security for report access. Users can have access to some folders and reports in Report Manager but not others regardless of the data source permissions.

  • Hi there

    Thank you for your reply and I agree with what you are saying but the report users are active directory users.

    My matter is whether giving the user given in the datasource property, rights to execute and not only datareading. We are going to use reporting services on the internet and i'm scared that someone can access this user which has execution rights.

    Kind regards


    JV

  • Execution rights to a stored procedure is way more secure than direct read/write access to a table. My understanding is that this is a generally safe construct, but you are really getting into areas outside of my expertise.

    I have not done this but I know of one instance where it was done: it is possible to display a report on a website, where the website calls for the report from the report manager and then the website displays the report. You get another layer of abstraction which is always helpful in security.

    Good luck.

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply