Code Access Security Across Multiple Assembly Security Extension

Oct 14, 2005

Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.

View 9 Replies


ADVERTISEMENT

Custom Security Extension: How To Give Access To Everyone

May 29, 2007

Hi All,



My application is currently integration with reporting services using custom security extension. I have my own USER and ROLE database to determine who/which role can access certain reports.

My question is how to give access a report to be viewable by everyone? I dont want to assign all users or all roles to achieve this.

The other thing that I found out is, let say I change the name one of the user/role. Because of this, the authorization will fail because the old name/role is not in the DB anymore. Is this expected? or is there a workaround it?



Your help is appreciated.



Thanks!

View 2 Replies View Related

Basic Authentication Vs Security Extension For Internet/Xtranet RS Access

Dec 19, 2007

does anybody know why MS doesnt consider Basic Authentication a viable solution for Inter/Xtra net access to RS? I'm re reading the documentation at http://msdn2.microsoft.com/en-us/library/bb283249.aspx but so far am not getting what the Security Extension options accomplish that can't be accomplished with much less effort using some form of Basic Authentication.

View 25 Replies View Related

Forms Security Extension Sample

Mar 9, 2006

Hi,

I have installed the SSRS 2005 Forms based login security extension as per the sample and instructions that come with the product install. I have double checked my work and debugged up to the point explained here.

My user is in the database and I can get to the login page. I have traced the code and can see the user being authenticated properly by server.LogonUser, the authentication cookie being created and placed in the response object, and then the redirect url being set to the reports/pages/folder.aspx. I have employed tcptrace and can see the sqlAuthCookie set in subsequent posts.

Unfortunately the redirect to folder.aspx never happens. I keep returning to UILogon.aspx. I think their is something either wrong with the auth cookie or the web.config in the ReportServer IIS virtual directory. The relevant xml from the web.config is attached below.

I would appreciate any thoughts. I am running on W2K3 SP1. Thanks.

Mitch

<identity impersonate="false" />

<!--<authentication mode="Windows" />-->

<authentication mode="Forms">

<forms loginUrl="logon.aspx" name="sqlAuthCookie" timeout="60" path="/"></forms>

</authentication>

<authorization>

<deny users="?" />

</authorization>

View 3 Replies View Related

Issue In Custom Security Extension

Aug 22, 2006

Hi,

The custom security extension generates the following error, when try to access Report Manager. The specifications are as follows.
1. Its 64-bit SQL Server (Reporting Services) and installed as default instance.
2. The Report Server is accessible programmatically. I can publish, view reports without problems, but Report Manager gives an error.
3. Another instance (named instance) of Reporting Services with the same custom security extension on same server is working fine. Report Manager opens up without problems.
4. Both the instances working fine since 3 installation and configuration (3 months back). Now, only the Report Manager of the default instance is not openeing up.

ReportServerWebApp__08_22_2006_08_52_20.log
-------------------------------------------------------------------------
w3wp!ui!1!8/22/2006-08:52:56:: i INFO: Overwriting existing cookie
w3wp!ui!1!8/22/2006-08:52:57:: e ERROR: The report server is not responding. Verify that the report server is running and can be accessed from this computer.
w3wp!ui!1!8/22/2006-08:52:57:: e ERROR: HTTP status code --> 500
-------Details--------
Microsoft.ReportingServices.UI.Global+RSWebServiceWrapper+CantCommunicateWithReportServerException: The report server is not responding. Verify that the report server is running and can be accessed from this computer.

at Microsoft.ReportingServices.UI.Global.RSWebServiceWrapper.GetSecureMethods()

at Microsoft.SqlServer.ReportingServices2005.RSConnection.IsSecureMethod(String methodname)

at Microsoft.SqlServer.ReportingServices2005.RSConnection.ValidateConnection()

at Microsoft.ReportingServices.UI.Global.SecureAllAPI()

at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel(HttpsLevel level)

at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)

at System.EventHandler.Invoke(Object sender, EventArgs e)

at System.Web.UI.Control.OnInit(EventArgs e)

at System.Web.UI.Page.OnInit(EventArgs e)

at System.Web.UI.Control.InitRecursive(Control namingContainer)

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
w3wp!ui!1!8/22/2006-08:52:57:: i INFO: Overwriting existing cookie
w3wp!ui!1!8/22/2006-08:52:58:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)


The service is running fine. Any suggestions/pointers would be greatly appreciated.

THanks in advance

View 4 Replies View Related

Security Extension Sample RS 2005

May 15, 2008

Hello,

I have followed all the steps indicated in the Security Extensions Sample for RS 2005, and I have not changed any webpage code. However, I get the following errors:
- when accessing http://<computername>/ReportServer Access to the path 'C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesReportServerlogon.aspx' is denied
- when accessing http://<computername>/Reports Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied


Can someone help please?

Thank you!

View 1 Replies View Related

Can You Set Up Forms Authentication Without A Security Extension?

Mar 13, 2007

On my current project we have a requirement to re-authenticate the user when accessing sensitive information.

We want re-authenticate using standard NT logins against Active Directory (not a custom database or SSO.

This is trivial to configure using Basic Authentication, however I would like to use an ASP.NET login form. I would like to avoid writing a security extension as I do not want to perform custom authentication. I would like the web service to use it's built in authentication and authorisation mechanisms.

Is the above possible???

The following gives some more details about wht I've tried.

I have tried configuring the report server/manager with Forms authentication as in the sample but cannot get it to work with out implementing the security extensions.

I changed the web.config files and the policy files for permissioning my dll with FullTrust. I did not configure an extension as I want reporting services to use it's built in windows security mechanisms.

In the login page code behind I call the ReportingService2005.LogonUser() method which always throws the following exception:
Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'. The request failed with the error message: --




Reporting Services Error




The report server has encountered a configuration error. See the report server log files for more information. (rsServerConfigurationError) Get Online Help



SQL Server Reporting Services --.



I check the log file and it has the following:


at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.logon_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
aspnet_wp!library!18!03/13/2007-11:38:23:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details., ;
Info: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.FormatException: Input string was not in a correct format.
at System.Text.StringBuilder.FormatError()
at System.Text.StringBuilder.AppendFormat(IFormatProvider provider, String format, Object[] args)
at System.String.Format(IFormatProvider provider, String format, Object[] args)
at Microsoft.Samples.ReportingServices.CustomSecurity.Logon.ServerBtnLogon_Click(Object sender, EventArgs e) in C:Program FilesMicrosoft SQL Server90SamplesReporting ServicesExtension SamplesFormsAuthentication SamplecsFormsAuthenticationLogon.aspx.cs:line 130
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.logon_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
--- End of inner exception stack trace ---
aspnet_wp!library!18!03/13/2007-11:38:24:: i INFO: Exception dumped to: c:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesLogFiles flags= ReferencedMemory, AllThreads, SendToWatson
aspnet_wp!library!1!03/13/2007-11:39:11:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: The report server has encountered a configuration error. See the report server log files for more information., Could not load Authentication extension;
Info: Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: The report server has encountered a configuration error. See the report server log files for more information.



Am I missing something? Is this even possible? If not, then why isn't it possible?

It feels like I've been going round in circles on something that shouold be pretty trivial to configure.

Thanks in advance.

Adam.

View 9 Replies View Related

Deploy Custom Security Extension Sample

Dec 28, 2007

I follow the instructions here to deploy the sample security extension: http://www.codeplex.com/MSFTRSProdSamples/Wiki/View.aspx?title=SS2005!Security%20Extension%20Sample&referringTitle=Home

After I have configure the config files and created the "UserAccounts" database I restart the IIS and tried to connect to Report Manager at http://localhost/Reports

This is the error i got: The report server is not responding. Verify that the report server is running and can be accessed from this computer.

I went to Services and saw my Reporting Services is stopped. Tried to start Reporting Services and it timed out.

View 3 Replies View Related

Problem With Forms Security Extension Sample - RS 2005

Feb 21, 2007

I am attempting to deploy the sample Security Extensions. When I navigate to <machinename>/reports in IE, it works fine and I am able to register the administrator. The user exists in the table correctly, but I am unable to login as the user. It keeps going back to the same uilogon.aspx redirect page.

It appears to be a similar error as http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=289636&SiteID=17

However, I am using the machine name the entire name, never referring to it as localhost. Any ideas? Thanks!

View 1 Replies View Related

Implement CheckAccess In Custom Security Extension With Non-builtin Roles

Jan 21, 2008

Roles Table:

RoleID, RoleName
<RoleID1>, Allow_ClientFolder
<RoleID2>, Allow_ClientReportA
<RoleID3>, Allow_ClientReportB
<RoleID4>, Allow_CompanyFolder
<RoleID5>, Allow_CompanyReportA
<RoleID6>, Allow_CompanyReportB

UsersInRoles Table:

UserID, RoleID
<UserID1>, <RoleID1>
<UserID1>, <RoleID2>
<UserID2>, <RoleID4>
<UserID2>, <RoleID5>
<UserID2>, <RoleID6>
<UserID2>, <RoleID1>
<UserID2>, <RoleID3>

e.g.
when the <UserID1> clicks on the "home" link show only "Client" folder and when <UserID1> clicks on the "Client" folder only "ClientReportA" will show.

Here is the accessable map for each user:

<UserID1>
Client

ClientReportA

<UserID2>
Client

ClientReportB
Company

CompanyReportA
CompanyReportB


Question:
What is the best way to implement CheckAccess? At first I thought I can access the item names and I can test authorization through that, but AceCollection contains operation permission of the accessing object.

View 4 Replies View Related

Custom Security Extension - Authorization Questions Using Forms Authentication

Nov 9, 2007

Greetings. I have developed our own custom security extension, implemented forms based authentication, and can authenticate from report manager, report server and sql studio. So far so good.

However, when it comes to Authorization, i'm unclear in a few areas and would appreciate if someone could help me out with the following questions. It should be noted that in the code I have granted an administrator user full access to all operations and permissions, and then tested against both an administrator user and a normal user.


IAuthorizationExtension.GetPermissions summary says

"Returns the set of permissions granted a specific user for an item in the report server database."

Inparticular, the secDesc parameter is supposed to contain the security descriptor associated with the item.

However, with our extension this parameter is always null, even if I have already granted access for a user, which is confirmed through logging in CreateSecurityDescriptor.

Through the report manager or sql studio I can see that the permissions have been created, so I can't understand why I never see them in the GetPermissions method? This then (seems to) flow through to the various CheckAccess methods, where the users are authenticated, but are not authorized to perform any operations. i.e. in report manager a user has no folders or reports available.


Is RS authorization designed around the concept that the details will always be stored in it's own database?

Ideally, we'd like to have the various roles, users and function authorizations defined in our own security framework. This is working great for the authentication aspect of the extension, but unless there is a mechanism which exposes the details of the particular authorization process (e.g. the name of the folder being viewed or report being run), then I can't see a way we can implement it. Unless i'm missing something fundamental of course!


Using Report Builder as the Administrator user (or any other user), I can see no data models available, even though I have created them via Report Manager, and I get the following exception trying to open up the list of reports:

System.Web.Services.Protocols.SoapException: The permissions granted to user '' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '' are insufficient for performing this operation. at Microsoft.ReportingServices.Library.ListChildrenAction.PerformActionNow() at Microsoft.ReportingServices.Library.RSSoapAction.Execute() at Microsoft.ReportingServices.WebServer.ReportingService2005.ListChildren(String Item, Boolean Recursive, CatalogItem[]& CatalogItems)

I have implemented a report server proxy (inherited from ReportService2005) as per the example, to pass through the authorization cookie. Any clues as to what could be wrong?

Finally, I suspect part of my problem may be in assignment of users to System Roles ("System Administrator" and "System User"), I'm not sure if these are meant only for Windows Authentication? I can see no way of assigning these roles to any of my users using Forms Authentication.

Thanks for any help or advice you can give!

View 25 Replies View Related

Reporting Service 2005, Custom Security Extension Failed.

Mar 10, 2006

Hi,

I am trying the get the custom security extension samples to work on my machine. I have installed everything according the sameple help file. However, i am getting a "Authentication Ticket is not issued by LogonUser." error after I attempted to log on to the report manager thru UILogon.aspx page. I already created an admin user. Upon a closer inspection, I realized that the authentication went thru okay, however, the authentication Ticket Name contained in the "RSAuthenticationHeader" has a duplicate value of "sqlauthticket, sqlauthticket". So apparently, the report server added this value twice to the response header. Has anyone seen this error before? How would you fix it? Also to bypass this error, I parsed out the header and take the correct auth ticket name, now report manager just redisplays the logon page and not letting me thru. Has anyone have seen that before? I am running in Win 2003 server, IIS 6, .NET 2.0 and SQL server 2005 enterprise version.

Thanks for the help,

Eric



View 1 Replies View Related

Custom Data Extension - Security Error On Report Server

Mar 21, 2007

I have written CDE to retrieve and process data before generating the report. It works very well inside VS.Net. However, when deployed to the report server I get the following error

An error has occurred during report processing. Cannot create a connection to data source 'CallsTaken'. Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I have added appropriate CAS entry in rssrvpolicy.config file as following




<CodeGroup

class="UnionCodeGroup"

version="1"

Name="CustomDataExtensionCodeGroup"

Description="Code group for the Custom Data Extension"

PermissionSetName="FullTrust">

<IMembershipCondition

class="UrlMembershipCondition"

version="1"

Url="C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServerinCSS.CustomDataExtension.dll"/>

</CodeGroup>

I have added appropriate entry into rsreportserver.config for data extension as

<Extension Name="Dataset Extension" Type="CSS.RS.Extensibility.CustomDataExtension.DsConnectionWrapper, CSS.CustomDataExtension"/>

Even then I continue to get this error. Any help? Is there anything else I am missing? I am using VS .Net 2005, SRSS 2005 on W23 machine.

I have been stuck here for a while now. Help is appreciated.

Thanks

View 2 Replies View Related

Custom Assembly Security

Oct 3, 2007

Hello Everyone,

When I run my report from report manager, I get the following error message

Failed to load expression host assembly. Details: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

My report uses a custom assembly. I have already done the following

1. copied the assembly in the "reportserverin" and the "common 7privateassemblies" area
2. Made the following entry in the rssrvpolicy.config

<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="RSUtil.TranslationHelper"
Description="Translation Helper Utility">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:Program FilesMicrosoft SQL ServerMSSQL.5Reporting ServicesReportServerinAMOTest.dll"
/>
</CodeGroup>


3. Added the following line to my assemblyinfo.cs file

[assembly: AllowPartiallyTrustedCallers]

regards,
Abhishek.

View 9 Replies View Related

Reporting Services :: Data Extension Supports Windows Integrated Security And No Credentials Only

Feb 22, 2011

I am trying to fetch the sharepoint list data into the SSRS report.

I have given credentials in shared datasource to access remote datasource.

In preview i m getting the following error:

Data extension supports windows integrated security  and no credentials only.

View 3 Replies View Related

System.Security.SecurityException: That Assembly Does Not Allow Partially Trusted Callers

Jan 4, 2008

I have successfully compiled & deployed the custom security extension. Currently I am having some runtime error when using the added Membership.Data.dll for authentication & authorization.

Membership.Data.dll
* signed with a strong name key
* [assembly: AllowPartiallyTrustedCallers] is added
* it uses Microsoft.Practices.EnterpriseLibrary.Data.dll for database connection

I have also added connectionstring to web.config(s) under ReportManager and ReportServer.


Here is the exception:

System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Security.SecurityException: That assembly does not allow partially trusted callers. at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) at Membership.Data.DataProvider.Acquire(String DatabaseName) at Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationUtilities.VerifyPassword(String suppliedUserName, String suppliedPassword) in C:Program FilesMicrosoft SQL Server90SamplesReporting ServicesExtension SamplesFormsAuthentication SamplecsFormsAuthenticationAuthenticationUtilities.cs:line 116 at Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationExtension.LogonUser(String userName, String password, String authority) in C:Program FilesMicrosoft SQL Server90SamplesReporting ServicesExtension SamplesFormsAuthentication SamplecsFormsAuthenticationAuthenticationExtension.cs:line 70 at Microsoft.ReportingServices.WebServer.RSCustomAuthentication.LogonUser(String userName, String password, String authority) at Microsoft.ReportingServices.WebServer.ReportingService2005Impl.LogonUser(String userName, String password, String authority) at Microsoft.ReportingServices.WebServer.ReportingService2005.LogonUser(String userName, String password, String authority) The action that failed was: LinkDemand The assembly or AppDomain that failed was: Membership.Data, Version=1.0.0.0, Culture=neutral, PublicKeyToken=<key>The method that caused the failure was: Microsoft.Practices.EnterpriseLibrary.Data.Database CreateDatabase(System.String) The Zone of the assembly that failed was: MyComputer The Url of the assembly that failed was: file:///c:/Program Files/Microsoft SQL Server/MSSQL.4/Reporting Services/ReportServer/bin/Membership.Data.DLL --- End of inner exception stack trace ---

Any ideas? I assume that Microsoft.Practices.EnterpriseLibrary.Data.dll is in GAC so i shouldn't have to worry about [AllowPartiallyTrustedCallers]

View 3 Replies View Related

Custom Security Extension - Report Manager And Report Server On Different Machines

Sep 19, 2007

Hi,

I'm trying to deploy Reporting Services on an Internet-facing web server using a custom security extension (forms authentication). We will be putting Report Manager on the Web Server outside of the firewall, and Report Server on another machine inside the firewall. When testing the solution in a development environment with Report Manager and Report Server on the same box, the solution works fine.

When testing it using the Internet-facing environment described above, it almost works but there seems to be an issue with the authentication cookie that is generated. Here's what happens:

1. User enters credentials on UILogon.aspx and submits form.
2. In the code-behind, LogonUser() is called through a web service proxy and the authentication cookie is returned successfully. The code used here to set the cookie is the same code used in the Forms Authentication sample that ships with RS2005.
3. The user is redirected to Folder.aspx, and the request hangs for a while, and eventually kicks you back out to UILogon.aspx, as if it lost the authentication cookie. When doing a trace on the HTTP header, the cookie is still there.

Is there anything special I need to do to make the Report Server "see" the cookie when I have Report Manager and Report Server on different machines?

Any help would be much appreciated!

Mike

View 2 Replies View Related

SQL 2012 :: Persist Security Info And Integrated Security In Connection String

Dec 4, 2014

I use from sql server 2008. and c#

what is the best connectionstring?

I don't know if i use Persist Security Info and Integrated Security or not?

And if yes then their value must be true or false?

View 1 Replies View Related

SSRS -- Security Filter And Model Item Security Setting

Jul 31, 2007



Hi,


I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.


The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.



For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;

in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.



My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?


The article also says:

"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."



So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.



I can only get one result at a time but not both:

either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.



Your help is highly appreciated!

Desperate developer

View 1 Replies View Related

Code Security When SQLSrvExp And App. Is Running On Same Pc

Dec 20, 2007

Hi,

My application is running on one machine using SQL Server Express
in Administrator user.

How can softwre-user can be restricted to edit stored procedures,functions and triggers ?
{using SQL Server Management Studio Express}

Is the better way to write CLR based procedures,functions and triggers ?

Please tell me.

Parminder

View 15 Replies View Related

Differance Between Persist Security Info And Integrated Security

Apr 26, 2007

hi i want to know what is the differance between  
Persist Security Info=False;Integrated Security=Yes;

View 1 Replies View Related

Code And Data Security In Hosted Servers

May 2, 2008

Dear guys

I want to publish my web site and sql server on a hosted server. But i'm worried about people behind the server. all of my codes including web and stored procedures of sql server are open. as far as I know, there is no effective way to protect web pages source. how about sql server? I mean compiling stored procedures.

and another important thing is data. I think certain people have potential to see or change all of my records, or for example give email address of my customers to a third party or ... .

Is there any way?

View 4 Replies View Related

Security Levels Of CLR Code When Deployed To Another Server.

Mar 29, 2006

Hi,

My question kind of covers a couple of areas.

I have written some SQL 05 CLR code that produces a single DLL file. I have specified that the code is 'Safe' e.g. it will not be carrying out any external assembly access or other file accesss.

The code simply contains some stored procedures that will update/instert etc data from the database.

The question is, how do I actually deploy the code to a a remote server? Do i simply take the DLL and use CREATE ASSEMBLY code to set it up?

Furthermore, are there any security issues i need to consider when i deploy the assembly given that I have already set up the security to be 'Safe' ? e.g. is there anyway that a database can be locked down so that CLR code would not run irrespective of the safe setting.

As far as I understand it, SQL CLR code is ran under the SQL Server service account, so does this mean that if this user is locked down the code would not run?

Any clarifications or extra info would be greatly appreciated.



Peds

View 6 Replies View Related

Security Exception When Calling Custom Code From A Report.

Nov 13, 2006

Hello,

When I run my report from within visual studio 2005 it generates just fine.

However, when I run the report from the reporting services local web site I get the following error. What do I need to do to fix this (temporarily turning off .net security uusing caspol didn't work).


An error occurred while executing OnInit: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed





View 9 Replies View Related

SQL Security :: Running Job As Windows Security Group

Oct 18, 2015

Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions. 

View 4 Replies View Related

Setup Of Security / Integrated Win Security On Vista

Jul 6, 2007

I have Sql Server Express installed on Vista (service pack 2)

I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.



The login ID of the service is added to the database.

The database has remote access turned on.

The ID is granted access to all databases within the server.

The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.

The dataserver is set with using Windows Authentication for security.



When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.



How to I get past this? I've done everything right.

View 1 Replies View Related

Use An Existing AD DL Security Group For Security Role

Jun 18, 2007

I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:














The user or group name <DLName> is not recognized. (rsUnknownUserName)"

View 1 Replies View Related

MS Access Security

Jan 3, 2006

Applied Access security feature to a database using its Security Wizard. Procedure went smoothly.

Been developing a software using VB 6.0 using an Access database as the main data source. Haven't had any problem manipulating the database via VB, but recently attempted to modify the database structure via Access, but was unable to do so, because either my username or password is allegedly invalid. Tried all passwords I can recall, but unable to get through. Haven't been able to create a new database, either.

Development of the software and creation of the Access database is being done on a stand alone laptop, that may or may not have been a workstation in a network.

Any help to resolve this issue would be appreciated.

Napatan

View 2 Replies View Related

Security Access

Aug 24, 2006

I would like some clarification please...

I have setup Windows Authentication to SQL2005 using a group with a default database. The group has access to the default database.

Now it's my understanding, if I have a user that's a member of the group, idividual access does not need to be setup to connect to SQL Server. Users connect on the credentials of the group... Is this a correct interpretation??

Ex: Windows groupname = SQLConnect Default db = Anydb

Anydb has groupname SQLConnect connect permissions

Windows username = test1 (is member of SQLConnect group)

Problem: test1 trys to login but gets an error that they can't connect to default db...

View 1 Replies View Related

SQL Security - Multiple SQL Servers

Feb 6, 2001

Question:

How to prevent a user/admin on one SQL 7 server, who knows the system admin password that is common to both servers, from accessing a second SQL 7 server via the SQL Server Group setup process.

Is there a way from shutting off remote access to a SQL server without limiting RPC?

All reading points towards 1) Remote Access Options, 2) Store User Independent, 3) Control Store as options to locking down a server. Would like to hear from someone that ran into this type of issue. Third party software available?

I've tried the following without any success: 1) I have deleted the second SQL server registration from the first SQL server group - but this is too easy to delete and recreate, 2) edit the SQL server registration for the remote server and force authentication - almost there if SQL prevented deletion of the registration without verifying the logon/password of the person who created it (again able to delete and recreate), 3) played around with the client utility to remove the TCP/IP pipe entry.

Anyone else pulling their hair out on this?

TIA!

View 1 Replies View Related

How To Access The DB With Integrated Security

May 11, 2007

Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX

View 3 Replies View Related

SQL Server Access/Security

Aug 22, 2001

In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?

Thanks.

Helen

View 1 Replies View Related

SQL 7 Security And Access 97 Front End

Jan 26, 2001

I am using Access 97 as a front end to access SQL 7 server on NT 4.0 server.
I've set up security model based on NT authentication only. Users have login right to login to SQL and they have public & dataread & denydatawrite access. They also have SELECT permission on a table object and have no permission to INSERT, DELETE and UPDATE.
When I use Access 97 to access a database, users are still capable of inserting and deleteing records in tables.

Am I doing something wrong?

Thanks, Michael.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved