Report Server - User permissions to access all users folders - ssrs-2008

I have a .NET application that searches a folder on the report server, reads the reports inside that folder and displays them on an ASP.NET page. The permissions for the ASP.NET user are working fine to deploy and execute on the website.
Now, I want users to deploy to the "My Reports" folder, so they only see their own reports. (The users have access to the report server and use Report Builder.)
I searched and could not find a solution for this:
I want to give permissions to a user (the same one that is running on the ASP.NET server) to access the "My Reports" folders of all users (Users Folder), so I can execute the reports inside the users' folders on the website.
I put the ASP.NET server user as local administrator of the report server, but with that permission the user can only see the content of the folder; this user cannot execute the report. Any idea what the problem is?

I finally found a solution, and it does not involve adding users as local administrator of the machine.
I used the IAuthorizationExtension.
I found this example that enables anonymous access for all users, which was a start.
In my implementation I used WindowsAuthorization, because I want to keep the existing authorization and give access to one specific user. In all CheckAccess methods I check whether the user is the one I want to give access to and return true; otherwise I return WindowsAuthorization.CheckAccess(...). In all other methods of the interface I also used WindowsAuthorization.
With this solution the user running the website can access all content of Reporting Services.
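
A sketch of the wrapper this answer describes, added here as an example and not the poster's code. The class name and the account name are placeholders, and it assumes `WindowsAuthorization` (namespace `Microsoft.ReportingServices.Authorization`) exposes a public parameterless constructor.

```csharp
// Added example. Assumption: WindowsAuthorization can be instantiated directly.
// ServiceAccountAuthorization and EXAMPLE\svc-reportsite are hypothetical names.
using System;
using System.Collections.Specialized;
using Microsoft.ReportingServices.Authorization;
using Microsoft.ReportingServices.Interfaces;

public class ServiceAccountAuthorization : IAuthorizationExtension
{
    // Placeholder: the single account the web site runs as.
    private const string ServiceAccount = @"EXAMPLE\svc-reportsite";
    private readonly IAuthorizationExtension inner = new WindowsAuthorization();

    private static bool IsSvc(string user)
    { return string.Equals(user, ServiceAccount, StringComparison.OrdinalIgnoreCase); }

    // Every overload: allow the one named account, otherwise defer to the built-in check.
    public bool CheckAccess(string u, IntPtr t, byte[] sd, CatalogOperation op)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, op); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, CatalogOperation[] ops)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, ops); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, ReportOperation op)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, op); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, FolderOperation op)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, op); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, FolderOperation[] ops)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, ops); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, ResourceOperation op)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, op); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, ResourceOperation[] ops)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, ops); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, DatasourceOperation op)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, op); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, ModelOperation op)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, op); }
    public bool CheckAccess(string u, IntPtr t, byte[] sd, ModelItemOperation op)
    { return IsSvc(u) || inner.CheckAccess(u, t, sd, op); }

    // Everything else is passed straight through to the Windows implementation.
    public byte[] CreateSecurityDescriptor(AceCollection acl, SecurityItemType itemType, out string stringSecDesc)
    { return inner.CreateSecurityDescriptor(acl, itemType, out stringSecDesc); }
    public StringCollection GetPermissions(string u, IntPtr t, SecurityItemType itemType, byte[] sd)
    { return inner.GetPermissions(u, t, itemType, sd); }
    public string LocalizedName { get { return inner.LocalizedName; } }
    public void SetConfiguration(string configuration) { inner.SetConfiguration(configuration); }
}
```

The extension is registered by changing the `Type` of the `<Security>` extension entry in rsreportserver.config. Because the named account then passes every item-level and system-level check, its credentials need the same protection as a full report server administrator.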

Related

Trying to access SSRS Web service in my .NET Project using web reference - getting error permissions are insufficient for user

I am trying to access a SOAP web service in my VB.NET project so that I can print a report directly to the printer without any pop-up or confirmation click by the user. I tried to access the SOAP web service in my project using this link:
http://myservername/reportserver/ReportExecution2010.asmx
But I get the error "permissions granted for this user are insufficient to perform this operation".
For a normal report I know that I should go to the reports folder and give access to datasets, data sources and any other folder with the IDs that I want to deploy and also access.
But I don't know where to give access for accessing the SOAP web service. I searched on the internet; the majority of the solutions are about report access and not the web service.

The ReportExecution2010.asmx web service uses the same security behaviors as the SSRS website. Try giving your domain\user account the Content Manager role within the SSRS website first.

Connecting Excel to a Azure Devops Query

I cannot see my queries using the Excel Team plugin. I get an error:
TF8001:An error occurred while accessing the work item database. Contact the administrator

Please use the administrator account to check these:
First, please check whether the current query allows your account to access it.
Click on the Shared query --> Security
Make sure that the related options are allowed.
Second, make sure that your account has access to the current work item.
Project Settings --> Project configuration
Finally, if you execute the query to the TFS work item database, you should contact your administrator to add permission for your account.

Identify login with Administrative access on SSAS instance using query or PowerShell

Want to identify the users/logins with administrative access on the server to migrate them to new servers. I have tried Select * from $System.TMSCHEMA_ROLE_MEMBERSHIPS, but this gives information regarding the particular database; I need more at server level.

SSAS users are done quite differently from normal databases. SSAS uses only the Active Directory account of the user trying to connect.
On server level the only security is done in the properties of the server; there you can select Active Directory users with administrative access to the server.
On database level you can create roles, give them access to (part of) a database and link Active Directory users/groups to them.
Using the AnalysisServices namespace of Microsoft you already mentioned, you can look through every role in every database and note the permissions.
As far as I know you can't actually use this namespace to see all the administrators of the user. But unless you have an unreasonable number of administrators, the best solution might be to just open the server in SQL Server Management Studio, click on properties, security and write down all the AD members manually.
I hope this helps you and good luck!

SSRS Shared folder subscriptions credentials

We are creating reports and trying to deliver them using a shared folder by adding a subscription for that, but when we created it, it asks for user credentials. We can add them for test purposes, but in the prod environment we cannot put the credentials in it, because IT uses Windows authentication for everything for security reasons.
Is there any way to set a Windows user to deliver the file to the shared folder without adding it when it is configured?

The parameters for the database and the database server can be set in the data source as an expression; however, you either need to define a "ReportAdmin" user to always publish the reports with. The publisher should know the credentials prior to deployment. Other than that, the data source will balk and inform you that it needs credentials to run the operations :(

Is it possible to restrict windows authenticated users in an ASPNet app to specific domains?

I'm in the process of pulling a classic ASP app into Mvc2. I'll be deploying to an intranet and have been asked to enable support for Windows Authentication. The network I'll be deploying to has a few AD Domains and I'll only need to integrate with one in particular. Is it possible to use Windows Authentication and only allow authentication within a particular domain?
Along those same lines, it's not uncommon for a user to have an account in multiple domains (the account names themselves are typically different) - in the event a user logs in with an "unsupported" domain I'd like to kick them to a login form. Is this possible simply using Windows Auth or am I better off looking for an alternative?
Pro Tip:
Whatever you do don't implement Windows Authentication via IIS. Have a Forms Authentication page in your MVC app but use the LDAP authentication provider. This way you avoid the differences between how browsers implement Windows Authentication (only works well in IE and that's not a great reason).
The question "Is it possible to use Windows Authentication and only allow authentication within a particular domain?" has always had one and only one answer in my consulting experience: the answer is the permissions that you set for authenticated resources.
I've rarely found a deployment where there isn't some file, folder, server, COM+ object, SQL Role or database table that can't be "locked down" to only allow access by the subset of users you're targeting (e.g. "DOMAIN\Domain Users"):
Set permissions on the ASPX files (or the folder containing them, along with inheriting to the files) that are the "front door" (and optionally, all the others) so that they're only accessible to users in the "Domain Users" group for the allowed domain
Restrict logon rights on the server that hosts the web site, so that only the Domain Users group have the appropriate rights - depending on the authentication provider used, this could be "allow logon locally" or "access this computer from the network"
Set permissions at some layer of Component Services
Restrict the SQL Server roles so that only "Domain Users" have the ability to read & execute the necessary database objects