Hello,
I am trying to implement row level security in reporting services. Could any help me on this by providing step by step process on this and would be great if you can also tell me what requirements(tables..) should we have to implement security?
It would be great if you can proivde sampele code on this.
Thanks,
Bandi.
Hopefully, someone has figured this out:
I've implemented and tested cell level security on the cube. It's testing certain level conditions, and returns #N/A (as normal) when the user is not supposed to see the cell value. Since I always use .FormattedValue in my reports, works fine in Report Services (and Excel and ProClarity, etc.)
Here's the problem:
When RS parameters encounter this situation, the parameter dataset "breaks" (The following system error occurred: Type mismatch.) This is happening, because the parameter fields (ParameterValue, ParameterCaption, ParameterLevel) are being replaced by #N/A, due to the cell level security. This is happening, because these are actually defined as members, and hence passing through cell level security.
What I need to do is find a way to have these specific members bypass the cell level security, so that the parameter datasets still work. (Failing that, a new way of specifying parameters in MSRS.)
I've tried the following a a cell level security rule, but it doesn't seem to work:
[Measures].CurrentMember is [Measures].[ParameterValue] or [Measures].CurrentMember is [Measures].[ParameterCaption] or
[Measures].CurrentMember is [Measures].[ParameterLevel] or
[Measures].[Is Visible]
Any ideas?
Hi i followed Microsofts "Implementing Row-and-Cell-Level Security in Classified Databases Using SQL Server 2005"
this works fine when i insert delete data on a normal script (mangement studio)
my project runs in a SSIS package, different users. i cannot do a bulk insert using OLEDB data Destination i get the following error
An OLE DB record is available. Source: "Microsoft SQL Native Client" Hresult: 0x80004005 Description: "Conflicting locking hints are specified for table "dbo.tblUniqueLabelMarking". This may be caused by a conflicting hint specified for a view.".
An OLE DB record is available. Source: "Microsoft SQL Native Client" Hresult: 0x80004005 Description: "Conflicting locking hints are specified for table "dbo.tblUniqueLabelMarking". This may be caused by a conflicting hint specified for a view.".
An OLE DB record is available. Source: "Microsoft SQL Native Client" Hresult: 0x80004005 Description: "Conflicting locking hints are specified for table "dbo.tblUniqueLabel". This may be caused by a conflicting hint specified for a view.".
Error: 0xC0209029 at Data Flow Task, OLE DB Destination 1 [1741]: The "input "OLE DB Destination Input" (1754)" failed because error code 0xC020907B occurred, and the error row disposition on "input "OLE DB Destination Input" (1754)" specifies failure on error. An error occurred on the specified object of the specified component.
Hello, we have a customer-facing ASP.NET web reporting application that allows the user to a). select a report b). make report settings (filter, sort, include/exclude columns), and c). run the report. An Oracle stored proc is used to return the data into a DataSet. Today the output is displayed in a bound, paginated DataGrid.
We€™d like to €˜plug-in€™ Reporting Services for improved formatting, grouping, matrix reporting, drilldown, graphics, etc.. I have read through the online docs, examples, and tutorials but have not found the exact (high-level) information I€™m looking for.
We need to keep our report settings page, Oracle SP architecture, etc... Is there a way to simply hand off a dynamically created DataSet to a report for display €“ like binding to the DataGrid? The data (query) would be specific to a report but columns can be selected/unselected for display.
In terms of deployment, is it necessary to install SQL Server in each environment (DEV-Integration, QA, PROD) to support Reporting Services? Since we are essentially an Oracle shop, this could be a tough sell. Is it possible to develop the report on a dev workstation (perhaps with SQL Server), and then publish to a web server where SQL Server is not installed?
These are obviously high-level questions - any help will be appreciated (examples, how-to's, etc..) €“ thanks in advance.
-Bill
I have a requirement where i am converting a Crystal report into SSRS.
My data contains different groups where some of the sections should be suppressed based on Drill down group level.In crystal they are using DrillDownGroupLevel <> 1 .
SSRS 2008 R2
I have two level of grouping  Example:
:::HEADER::: Â Â Â
A [GROUPING 1]
B[GROUPING 2]
C[GROUPING 2]
When I apply Page Break
:::HEADER::: Â Â Â
A [GROUPING 1]
        B[GROUPING 2]
:::HEADER::: Â Â Â
A [GROUPING 1]
        C[GROUPING 2]
[URL]
I’m having problems with security for reporting services when using Windows Integrated Security as the connection type for the data source.
Here is the setup: The reporting service is on a virtual machine called cws-devtest. The database used
by the reporting service is on a server called sql2005, and that database is Enterprise Edition.
There is a cube from which the report retrieves data on a server called sql2005-dev, that is sql server 2005 Developer Edition.
I have created roles on sql2005-dev, and have assigned users and groups to those roles
to achieve the security that I want. I have tested those roles using the cube browser, and using Excel 2007
and that looks very good.
I created a simple ssrs report to test security in that area, and am having trouble simply
viewing any data, logged in as myself, using Windows Integrated Security.
Here is the error from the browser:
•An error has occurred during report processing.
oCannot create a connection to data source 'trade_dw_cube'.
#61607;The connection either timed out or was lost.
#61607;Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
#61607;An existing connection was forcibly closed by the remote host.
If I use “Credentials stored securely in the report server� in the browser for the data source,
and enter my Windows username and password, and check the “Use as Windows credentials when connecting to the data source�
checkbox, I can view the report, but that does not use the roles that I had already created. I prefer to use Windows Integrated Security.
Has anyone been able to use Windows Integrated Security with SSRS?
I removed the BUILTIN/Administrator Permissions on Reporting Server Website,and Added one domain account whose rights is just to read report, However this account still have more privileges than read, I found this account also in the Administrators Group of Report Server Machine,How does report services to identify account's permission? And I could not be allowed to remove this account from administrator group. Any Idea? Thanks
View 1 Replies View RelatedI thought the built in expression Level() would show me be drill down level. I can't see to get that to work. I'd like to determine my drill down level so I can hide columns based on that.
View 2 Replies View RelatedIs it possible to have Interactive Filters in an SSRS report like in Excel at Column Level as highlighted below.
View 2 Replies View RelatedI have a dataset with weekly salary of multiple employees of same grade from different dpt. We are not going to show the report based on employ. The report will be showing data based on Employee grade and their department.
Grade        Dpt       wk1         wk2         wk3       wk4
manager    hr         3000         2500        1000      2000
senior         hr          1300         1500        1300      1600
manager    hr          2500         2300        2100       3000
We need to show the result by grouping grade and dpt. So the Wk1 rate will be the sum of (3000+2500).
Grade       Dpt        wk1           wk2        wk3      wk4     Total
manager   hr           5500        4800        3100       5000      18400 (how to find???)
senior       hr           1300         1500        1300      1600      5700(??)
Total                       6800         6300       4400       6600      24100(??)
How to find the total for each row on the right most end ?
We have 2005 Reporting Services fully functional - Dev, QA and prod (farm). I have at least 5 distinct business group trees in my structure, who have inherited or modified security based upon NT Users and AD groups. Now, we want to replace a major group (<domain_name>Domain Users) with a controlled group.
I cannot find anyway to report or map the folders that a specific NT User and AD group has rights. Cannot it be done?
Hi
I have built an ASP.NET 2.0 application which is accessed both internally and externally. I have forms authentication implemented using an AspNetSqlMembershipProvider, also AspNetSqlRoleProvider and AspNetSqlProfileProvider have been implemented, all data is stored in the SQL 2005 database for the application.
I have been asked to start using SQL 2005 Reporting Services to create some complex financial reporting for the application.
My question is quite straight forward, can I use the security that is implemented in the application to grant and/or deny access to reports for this application in Reporting Services?
If so, please could you provide pointers to the information I'd need to implement this, hopefully in a 'Reporting Services Security for Dummies' style would be good.
Many thanks,
Lee
Hi,
How programing add new <CodeGroup> element to SQL Server Reporting Services policy configuration file "rssrvpolicy.config"(location path:"C:Program FilesMicrosoft SQL ServerMSSQLReporting ServicesReportServer")???
Ahead Thanks!
I have created a new SSRS Server and done all of the basic security setup for the site but I am having trouble with client machine access...At first I had an issue with being able to access report manager from any client and ended up having to shut off windows authentication on the client IE settings to get it to work. Now I am trying to run Report Builder from a client machine and it will not download. The client machine is on the same domain and my user id is set as an administrator within SSRS and as a local admin on the 2008 server.Â
I had the thought that without windows auth in the browser maybe it can't permit me access to the application but if I turn it on I can't get to it to download it. I have set Full Control rights to the folder as well. Most of the info out there is for 2005 and that uses IIS to host the pages where as 2008 does not. Here is the details of the error:
PLATFORM VERSION INFO Windows    : 6.1.7600.0 (Win32NT) Common Language Runtime  : 2.0.50727.4927 System.Deployment.dll   : 2.0.50727.4927 (NetFXspW7.050727-4900) mscorwks.dll    : 2.0.50727.4927 (NetFXspW7.050727-4900) dfdll.dll    : 2.0.50727.4927 (NetFXspW7.050727-4900) dfshim.dll    : 2.0.50727.4927 (NetFXspW7.050727-4900)
[URL] ....
I'm working on a project that requires integration of SQL Server Reporting Services with ASP.NET 3.0 Web Applications.
I'm working on Visual Studio 2005, with SQL Server 2005 on an XP development workstation.
SQL Server, Reporting Services, and IIS are all running on my local machine.
I'm trying to prototype two approaches, one using the Report Viewer control, and the second using the Reporting Services Web Service. I have the two examples setup in projects in Visual Studio.
The sample reports and data sources work fine in Visual Studio. I can access the report using the Reporting Services URL like this: http://localhost/Reports/Pages/Report.aspx?ItemPath=%2fBTT_BDS_DEV%2fCustomers; Report works fine.
My problem is, that when I try and access the report using the Report Viewer inside an ASP.NET page or from the Web Serivce hooked up inside an ASP.NET Page I get a security errors. I have chosen Windows Security for the Datasource, and ASP.NET pages. In the case of the Web Service, I'm passing in my local domain user name as the credentials.
I'm prototyping this on my local workstation, but I need to design this to be used on our corporate Intranet using Windows Security.
My questions are:
1. How do I need to setup users on my local development workstation to get this to work.
2. How should I plan for user security for enterprise deployment, i.e. using Reporting Services inside a large ASP.NET Web Application?
3. Can anybody give me some links to some good developer type working examples of doing this. I've looked but have not found the answers
to the "how do I setup users" part of the question specifcally related to ASP.NET apps?
Below is the code example of the Web Services example app I'm working with which came out of a book I have on
Reporting Services. This example compiles and seems like it would work but doesn't. Also following are a few of the
error messages I get when experimenting with the example apps:
Errors:
1. The permissions granted to user 'LocalMachineNameASPNET' are insufficient for performing this operation. (rsAccessDenied)
2. System.Web.Services.Protocols.SoapException was unhandled by user code
Message="System.Web.Services.Protocols.SoapException: The permissions granted to user 'LocalMachineName\ASPNET' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'WCRBUSCNC2830B\ASPNET' are insufficient for performing this operation. at Microsoft.ReportingServices.Library.RSService._GetReportParameterDefinitionFromCatalog(CatalogItemContext reportContext, String historyID, Boolean forRendering, Guid& reportID, Int32& executionOption, String& savedParametersXml, ReportSnapshot& compiledDefinition, ReportSnapshot& snapshotData, Guid& linkID, DateTime& historyOrSnapshotDate, Byte[]& secDesc) at Microsoft.ReportingServices.Library.GetDataForExecutionAction._GetDataForExecution(CatalogItemContext reportContext, ClientRequest session, String historyID, DataSourcePromptCollection& prompts, ExecutionSettingEnum& execSetting, DateTime& snapshotExecutionDate, ReportSnapshot& snapshotData, Int32& pageCount, Boolean& hasDocMap, PageSettings& reportPageSettings) at Microsoft.ReportingServices.Library.GetDataForExecutionAction.ExecuteStep(CatalogItemContext reportContext, ClientRequest session, DataSourcePromptCollection& prompts, ExecutionSettingEnum& execSetting, DateTime& executionDateTime, ReportSnapshot& snapshotData, Int32& pageCount, Boolean& hasDocMap, PageSettings& reportPageSettings) at Microsoft.ReportingServices.Library.CreateNewSessionAction.Save() at Microsoft.ReportingServices.WebServer.ReportExecution2005Impl.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo) --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportExecution2005Impl.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo) at Microsoft.ReportingServices.WebServer.ReportExecutionService.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo)"
Source="System.Web.Services"
Actor="http://localhost/ReportServer/ReportExecution2005.asmx"
Lang=""
Node="http://localhost/ReportServer/ReportExecution2005.asmx"
Role=""
StackTrace:
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebReportTester.localhost.ReportExecutionService.LoadReport(String Report, String HistoryID) in C:Documents and SettingsconbcxMy DocumentsVisual Studio 2005ProjectsBTT_BDS_DEVWebReportTesterWeb ReferenceslocalhostReference.cs:line 242
at WebReportTester._Default.btnExecuteReport_Click(Object sender, EventArgs e) in C:Documents and SettingsconbcxMy DocumentsVisual Studio 2005ProjectsBTT_BDS_DEVWebReportTesterDefault.aspx.cs:line 82
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Web Service Code Example:
protected void btnExecuteReport_Click(object sender, EventArgs e)
{
byte[] report;
//Create an instance of the Reporting Services Web Reference
localhost.ReportExecutionService rsv = new localhost.ReportExecutionService();
//Create the credentials that will be used when accessing Reporting Services
//This must be a logon that has rights to the Customers Report
rsv.Credentials = System.Net.CredentialCache.DefaultCredentials;
rsv.PreAuthenticate = true;
//The Reporting Services virtual path to the report.
string reportPath = @"/ReportFolder/Customers";
//The rendering format for the report
string reportFormat = "HTML4.0";
//The devInfo string tells the report viewer how to display with the report
StringBuilder deviceInfoBuilder = new StringBuilder();
deviceInfoBuilder.Append(@"<DeviceInfo>");
deviceInfoBuilder.Append(@"<Toolbar>");
deviceInfoBuilder.Append(@"False");
deviceInfoBuilder.Append(@"</Toolbar>");
deviceInfoBuilder.Append(@"<Parameters>");
deviceInfoBuilder.Append(@"False");
deviceInfoBuilder.Append(@"</Parameters>");
deviceInfoBuilder.Append(@"<DocMap>");
deviceInfoBuilder.Append(@"True");
deviceInfoBuilder.Append(@"</DocMap>");
deviceInfoBuilder.Append(@"<Zoom>");
deviceInfoBuilder.Append(@"100");
deviceInfoBuilder.Append(@"</Zoom>");
deviceInfoBuilder.Append(@"</DeviceInfo>");
string deviceInfo = deviceInfoBuilder.ToString();
//Create an array of the values for the report parameters
localhost.ParameterValue[] parameters = new localhost.ParameterValue[1];
localhost.ParameterValue parameterValue = new localhost.ParameterValue();
parameterValue.Name = "@WTRKCustomerCode";
parameterValue.Value = "B34186";
parameters[0] = parameterValue;
//Create variables for the remainder of the parameters
string historyId = string.Empty;
string credentials = string.Empty;
string showHideToggle = string.Empty;
string extension = string.Empty;
string mimeType = string.Empty;
string encoding = string.Empty;
localhost.Warning[] warnings;
localhost.ParameterValue[] reportHistoryParameters;
string[] streamIds;
localhost.ExecutionInfo execInfo = new WebReportTester.localhost.ExecutionInfo();
localhost.ExecutionHeader execHeader = new WebReportTester.localhost.ExecutionHeader();
rsv.ExecutionHeaderValue = execHeader;
execInfo = rsv.LoadReport(reportPath, null);
rsv.SetExecutionParameters(parameters, "en-us");
try
{
//Execute the Report
report = rsv.Render(reportFormat, deviceInfo, out extension, out mimeType, out encoding, out warnings, out streamIds);
//Flush the pending response
Response.Clear();
//Set the HTTP Headers for a PDF response.
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ContentType = "text/html";
//Filename is the default filename displayed
//if the user does a save as.
HttpContext.Current.Response.AppendHeader("Content-Disposition", "Customers.htm");
//Send the byte array containing the report as a binary response.
HttpContext.Current.Response.BinaryWrite(report);
HttpContext.Current.Response.End();
}
catch (Exception ex)
{
if(ex.Message != "Thread was being aborted.")
{
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ContentType = "text/html";
StringBuilder errorMessageBuilder = new StringBuilder();
errorMessageBuilder.Append(@"<HTML>");
errorMessageBuilder.Append(@"<BODY>");
errorMessageBuilder.Append(@"<H1>");
errorMessageBuilder.Append(@"Error");
errorMessageBuilder.Append(@"</H1>");
errorMessageBuilder.Append(@"<BR>");
errorMessageBuilder.Append(@"<BR>");
errorMessageBuilder.Append(ex.Message);
errorMessageBuilder.Append(@"</BODY>");
errorMessageBuilder.Append(@"</HTML>");
string errorMessage = errorMessageBuilder.ToString();
HttpContext.Current.Response.Write(@errorMessage);
HttpContext.Current.Response.End();
}
}
}
Any direction here related to best practices on setting up users for code use with
ASP.NET applications would be greatly appreciated...
Thanks in advance...
I know from searching this forum that there have been many variations of the issue I'm currently suffering, but I haven't found anything quite like mine or a solution to solve it. The issue I'm running into is that I am unable to log on to Reporting Services using Management Studio or the web interface when Windows Integrated Security is enabled. I have full functionality using basic security, but the risks involved make it impossible to deploy basic authentication out into production. The error I'm receiving in Management Studio is The request failed with HTTP status 401: Unauthorized. (Microsoft.SqlServer.Management.UI.RSClient). I recieve the same error when I try the web interface.
I've looked the most recent logfile in WindowsSystem32LogFilesW3SVC1 and these entries match up to the time I attempted my authentication.
Code Snippet
2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 301 0 0
2008-05-12 20:30:42 <Edited: Server IP> GET /reports/ - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:46 <Edited: Server IP> GET /reports/home.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 302 0 0
2008-05-12 20:30:46 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248
2008-05-12 20:30:50 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 500 0 0
2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0
2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0
I tried to highlight one of each of the HTTP errors I am getting. 401.2 and 401.1 are the ones I kind of expected, but have no idea why I'm getting them. The 500 0 error is a bit troubling, because unless I'm mistaken thats a server side error.
Here's my current setup. As far as I can tell, I've done everything to set up correctly for Windows Integerated security.
My Specs
The server machine running all SQL 2005 services. It resides in a domain. All Clients are in the same domain.
Intel Dual Processor 3.20 gig Xenon
Windows Server 2003 w/ SP2
Microsoft Sql Server 2005 w/ SP2
Reporting Services Setup
The virtual directories Reports and ReportServer are set to Windows Integrated Security with Anonymous Access disabled. All other checkboxes in Directory Security are unchecked. For permissions in Reports, I have:
Administrators (servernameAdministrators) - Full Control
ASP.NET Machine Account - Modify, Read & Execute, List Folder Contents, Read, Write
Authenticated Users - Modify, Read & Execute, List Folder Contents, Read, Write
Creator Owner - No permissions
Domain Users - Read & Execute, List Folder Contents, Read
SQLServer2005ReportingServices]WebServiceUsers$... - Read & Execute, List Folder Contents, Read
SQLServer2005ReportServerUsers$... - Read & Execute, List Folder Contents, Read
SYSTEM - Full Control
Users (CompNameUsers) - Read & Execute, List Folder Contents, Read
In ReportServer I have the same permissions except Authenticated Users is absent.
At one point, I even added the account Everybody and gave it full control, and I still recieved a HTTP 401 error. Any help at what I might be missing would be a godsend.
Thanks.
I am trying to fetch the sharepoint list data into the SSRS report.
I have given credentials in shared datasource to access remote datasource.
In preview i m getting the following error:
Data extension supports windows integrated security and no credentials only.
I do a clean install of SQL Server + RS + SP1 with standard setup on Windows Server 2003. I create a simple report (select * from aTable). This report (actually any report) shows the error message "For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."
This has to do with security settings in Windows Server 2003. On Windows XP everything works fine.
Any help would be greatly appreciated. Thanks!
Edit: The reports do work in the preview tab in BIDS.
Is there a way to see Report-Level variables in Report Builder 3.0? Also, just as a feedback, it would be really nice if there were a way to see and easily access all of the variables used in a report from one location instead of going to the dataset, the report, and then to the individual groups (if needed) to see the variables. Also, it would be very useful if Group-level variables can show up in the Expression Builder as well.
View 2 Replies View RelatedI am looking for a way to implement row level security on my SQL Server 2005 Express database. Thanks in advance for any input.
View 1 Replies View RelatedHow can I apply security on row level ?
I want to use internal SQLSever users and roles.
Some users or roles should have only access to a limited numbers of rows.
The table contains a field "Company" and there are several companies.
The users should have acces only to their own company.
Thanks
Hi Folks,
I have the following Problem:
( not simular to
http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=101916 )
In one Table ( Objects ) exists an Id to my internal Security Tables, where the combination of many Features together results in, which Data the user could see.
Today, i use only one SQL Account and the Security ist solved in my Application,
In an SP is a where Clause generated, every SQL Statement is extended whitch this where clause.
This work fine, but everyone with SQL User and PW could see everything this the Query Analyser or Management Studio.
The perfect solition could be:
Several Usergroups should have Access to my DB.
Only a few Views / SP where execuable for these Usergroups.
The Application calls alway the same View / SP an depending on the Login the Data ist filtered in the right way.
Is ist possible to filter a view with dynamic SQL ?
2.nd Question:
Is it possible to restrict Users / roles depending on the Network IP Address / Network Mask ?
The Security Problem only exists, when Users with VPN are connecting, internal Users always have full access.
Thanks an greeting from Germany,
Markus
How can I implement "Row Level Security" in SQL Server 2000?Thanks alot.
View 1 Replies View RelatedI am attempting to create a view only user in Report Manager which can only view and run reports from a single directory. I have the following configured:
Active directory Group: DomainReport Users - Group Scope: Global; Group Type: Security; Member of: <none>
Active directory User: DomainReportUser - Member of: DomainReport Users group
Default web site Reports virtual directory: Directory security: Integrated Windows Authentication only
Default web site ReportServer virtual directory: Directory security: Enable Anonymous Access (user: domainadministrator) & Integrated Windows Authentication
Report Manager
Site Settings->Item-level roles: New role: Report Viewer; view folders and view reports only items selected
ReportFolder(Report Manager folder with reports): Properties->Security: Added DomainReportUser with Report Viewer role
When I go to my Report Manager site (e.g. http://url/reports) I get the Windows security form, in which I enter the DomainReportUser credentials. However, after I log in I have full rights to all folders and functions of Report Manager, as if I logged in as BuiltinAdministrator.
At what level of security is this breaking down? As far as role-based, I believe DomainReportUser should only have access to limited resources of Report Manager when logging on. What is allowing him to have Content Manager control of Report Manager? Is there a better way to set up a "view reports only" user access to Report Manager?
Thanks
Posting again in hopes that someone has a solution..
I've set up a sales report that is by territory. Two tables one of which has
sales detail records and another table with Sales Rep info, including territory and
login.. The two tables are joined by state. What I need to be able to do is schedule
this report to run on Reporting services(Already setup) and only allow the reps
to view a snapshot, don't want anyone executing the report again. Additionally,
I need them to only see the territory that they are responsible for. Does anyone
have a solution for this.
Thx again
Can I set up the security so that a user could only see certain records (a filter)?
TIA!
Database level password security
View 2 Replies View Related
Hey,
I have 3 columns in a table Ex:
Select Column1,Column2,Column from TableName
No. 1. Person A should have permission to read values only (Column1, Column3 of the table) -
2. Person B, should have permission to read only (Column 2).
Here my question is , I have to write one single stored procedure to statisfy both conditions. Which means, if person A execute this stored procedure , he shoud get only column 1 & 3 values . similarly other person b should get column 2 value. Ex:
Column 1 - Empid
Column 2 - SSN (Only for Top user display)
Column 3 - Join Date
Person A & B as a SQL or Windows login
Thanks
In database we are planning to implement row level security.For this we need to create users or we need create login for each one?
View 1 Replies View RelatedHi Experts,
Hi experts,
I have a BI Reporting scenario, wherein i have to fetch Reports from analysis Services.
when the user tries to access a report, he should be validated uisng the Windows Authentication ID, and only data specific to that user should be display.
I am not sure if this user authentication is to be done on analysis Services/reporting services.
Any suggestions/pointers would be highly appreciated.
Thanks
Alicia Rose
I need to secure a datawarehouse table at the row level based on 1 tomany keys on that table. A user should only see the rows they haveaccess to. I need to be able to figure out which rows they have accessto using a single sql statement and it cannot be dynamic SQL or astored procedure (this is a limitation based on the reporting tool weuse).The conditions can be any combination of "and" and "or" operators. Ihave seen posts (and actually have three of his books) by Joe celkodescribing disjunctive canonical form. If not familiar please clickthe link below.http://groups.google.com/group/comp...db6abcfa6209d2fA rules table in disjunctive canonical form looks like it mightpotentially be a solution, but I can't figure out how to use it acrossmultiple keys.Here ia an example of what I am trying to do including current tablestructures and sample data. I cannot really change the generic_facttable schema, but the security cross reference table can be modified oraditional tables added.CREATE TABLE generic_fact (generic_fact_key int NOT NULL ,salesrep_key int NOT NULL ,product_key int NOT NULL ,customer_key int NOT NULL ,sales_amount decimal(18, 0) NOT NULL ,CONSTRAINT PK_generic_fact PRIMARY KEY(generic_fact_key))GOinsert into generic_fact values(1,1,10,20,45)insert into generic_fact values(2,1,10,21,90)insert into generic_fact values(3,1,11,22,17)insert into generic_fact values(4,2,10,20,32)insert into generic_fact values(5,2,13,25,6)insert into generic_fact values(6,2,12,24,56)insert into generic_fact values(7,3,11,34,75)CREATE TABLE security_cross_reference (cross_ref_key int NOT NULL ,user_key int NOT NULL ,security_type varchar (50) NOT NULL ,security_value int NOT NULL ,security_operator varchar (20) NOT NULL ,CONSTRAINT PK_security_cross_reference PRIMARY KEY(cross_ref_key))GOinsert into security_cross_reference values(1,1,'product',10,'or')insert into security_cross_reference values(2,1,'customer',21,'or')insert into security_cross_reference values(3,2,'customer',20,'and')insert into security_cross_reference values(4,3,'salesrep',3,'and')insert into security_cross_reference values(5,4,'salesrep',1,'and')insert into security_cross_reference values(6,4,'customer',22,'and')insert into security_cross_reference values(7,4,'product',11,'and')So based on the data in the security cross reference tableUser 1 can see sales for customer 21 or product 10(generic_fact table rows that have generic_fact_key values of 1,2,and4)User 2 can see sales for customer 20(generic_fact table rows that have generic_fact_key values of 1 and 4)User 3 can see sales for salesrep 3(generic_fact table rows that have a generic_fact_key value of 7)User 4 can see sales for salesrep 1 and product 11 and customer 22(generic_fact table rows that have a generic_fact_key value of 3)Does anyone have any ideas on the best way to do this?
View 3 Replies View Related
Hi,
I am trying to find the best way to implement a complex column based security.
Basically i need to secure data among lot of tables with millions of rows, so that some users may see some columns and others see diferent ones...
Whats the best way to implement this kind of procedure securely and flexible?
Best Regards,