May 21, 2021 at 8:54 am
I have an instance of SQL Server 2019 Express and SSRS 2017 installed on a Windows 10 PC. Windows user .\Paolo is part of the local administrators group.
I am trying to configure the security on the SSRS Web Portal to make sure that when .\Paolo opens the Web Portal in IE (http://localhost/reports) he is not granted administrator permissions.
So far I have configured the SSRS Web Portal security as follows:
Enabled the local Administrator account and added it to the System Administrator role (site settings security) and the Content Manager role (Home folder security).
Removed builtin\administrators group from System Administrator role (site settings security) and from Content Manager role (Home folder security).
Added the local user .\Paolo to the Browser role (Home folder security).
Despite all this the user .\Paolo is still granted all permissions on the SSRS Web Portal. I would only expect this to happen when IE is "Run as Administrator" but that's not the case.
UAC is enalbed on the PC.
Any suggestions?
Thanks.
May 22, 2021 at 9:10 am
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.
May 25, 2021 at 3:48 pm
My first thought is that the local user Paolo is a member of a group on the local machine that has additional permissions on the SSRS instance.
That or you are browsing the site as a user other than Paolo.
One last thing I'd check is if IE is being run as administrator by default. You can verify this by starting IE and checking the details tab in task manager. It could be that someone set up IE to run as administrator by default.
The above is all just my opinion on what you should do.
As with all advice you find on a random internet forum - you shouldn't blindly follow it. Always test on a test server to see if there is negative side effects before making changes to live!
I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.
May 25, 2021 at 3:54 pm
It turns out that this behaviour is built into SSRS and cannot be changed. Irrespective of which users and permissions have been configured in SSRS, members of the local administrators group are always granted full access.
October 27, 2021 at 7:22 am
This was removed by the editor as SPAM
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply