I just installed the evaluation version and am comparing it to Crystal
Reports. I can't seem to figure out the user level security.
My set-up:
Web server Win2003: Has IIS6 and Report server
DB SQL Server Win 2003: has Sql Server 2k
These boxes are not on a domain, they are test machines.
I open the report server up and get the home page, I can add folder, files,
etc but I no user level security. I went into site settings and all I can
find is roles, but no logins, etc.' I can go to the site and do everything
with no login?
Help.you are correct. Where you've gone awry is the difference between
authentication and authorization.
authentication is the process of determining who you are, most commonly done
via a username and password.
authorization is the process of determining what you can do now that we know
who you are.
In the Reporting Services world, RS relies on external authentication. In
other words, somebody other than RS has to authenticate the user. In most
cases that will be windows. So all user accounts are created in windows.
Users are managed there as per normal.
In the security settings you then create roles. Those roles have specific
permissions on report items etc. You then assign windows users and groups
these roles.
So if we take Joe User... His user account is maintained in windows (userID,
Password etc) either at the domain or the server level. Joe's account is
then assigned to roles in RS which determine what he can do with RS.
Make sense?
Regards,
Rob Labbé, MCP, MCAD, MCSD, MCT
Lead Architect/Trainer
Fidelis
Blog: http://spaces.msn.com/members/roblabbe
"Chris" <Chris@.discussions.microsoft.com> wrote in message
news:B6C6072D-63BC-422F-9DF9-A4400B300EF8@.microsoft.com...
>I just installed the evaluation version and am comparing it to Crystal
> Reports. I can't seem to figure out the user level security.
> My set-up:
> Web server Win2003: Has IIS6 and Report server
> DB SQL Server Win 2003: has Sql Server 2k
> These boxes are not on a domain, they are test machines.
> I open the report server up and get the home page, I can add folder,
> files,
> etc but I no user level security. I went into site settings and all I can
> find is roles, but no logins, etc.' I can go to the site and do
> everything
> with no login?
> Help.|||then why is there several tables that house roles, users, and their assigned
roles then is Sql Server?
Also, Crystal take sit to the lowest level via a "Universe" to a record
level. Does MS Report Serv. not do this either?
Are you saying that I have to add everyone to the windows box? That doesn't
make sense for web reporting, the IUSR account can access everything?
thanx.
"Rob Labbe (Lowney)" wrote:
> you are correct. Where you've gone awry is the difference between
> authentication and authorization.
> authentication is the process of determining who you are, most commonly done
> via a username and password.
> authorization is the process of determining what you can do now that we know
> who you are.
> In the Reporting Services world, RS relies on external authentication. In
> other words, somebody other than RS has to authenticate the user. In most
> cases that will be windows. So all user accounts are created in windows.
> Users are managed there as per normal.
> In the security settings you then create roles. Those roles have specific
> permissions on report items etc. You then assign windows users and groups
> these roles.
> So if we take Joe User... His user account is maintained in windows (userID,
> Password etc) either at the domain or the server level. Joe's account is
> then assigned to roles in RS which determine what he can do with RS.
> Make sense?
> Regards,
>
> --
> Rob Labbé, MCP, MCAD, MCSD, MCT
> Lead Architect/Trainer
> Fidelis
> Blog: http://spaces.msn.com/members/roblabbe
> "Chris" <Chris@.discussions.microsoft.com> wrote in message
> news:B6C6072D-63BC-422F-9DF9-A4400B300EF8@.microsoft.com...
> >I just installed the evaluation version and am comparing it to Crystal
> > Reports. I can't seem to figure out the user level security.
> > My set-up:
> > Web server Win2003: Has IIS6 and Report server
> > DB SQL Server Win 2003: has Sql Server 2k
> >
> > These boxes are not on a domain, they are test machines.
> >
> > I open the report server up and get the home page, I can add folder,
> > files,
> > etc but I no user level security. I went into site settings and all I can
> > find is roles, but no logins, etc.' I can go to the site and do
> > everything
> > with no login?
> >
> > Help.
>
>|||As you've discovered, the security model is vastly different in RS as
compared to Crystal. You're going to drive yourself nuts if you try to do a
one-to-one mapping of security features between the two.
You're best bet is to look at the end result you're after, not "how" it was
implemented in Crystal. Then look at RS security and set it up to get the
same end result. If you describe your scenario, and what the result you're
after is, we may be able to help you out here.
Regards,
Rob Labbé, MCP, MCAD, MCSD, MCT
Lead Architect/Trainer
Fidelis
Blog: http://spaces.msn.com/members/roblabbe
"Chris" <Chris@.discussions.microsoft.com> wrote in message
news:65196924-819E-4F4E-AD10-78D60F4A729C@.microsoft.com...
> then why is there several tables that house roles, users, and their
> assigned
> roles then is Sql Server?
> Also, Crystal take sit to the lowest level via a "Universe" to a record
> level. Does MS Report Serv. not do this either?
> Are you saying that I have to add everyone to the windows box? That
> doesn't
> make sense for web reporting, the IUSR account can access everything?
> thanx.
> "Rob Labbe (Lowney)" wrote:
>> you are correct. Where you've gone awry is the difference between
>> authentication and authorization.
>> authentication is the process of determining who you are, most commonly
>> done
>> via a username and password.
>> authorization is the process of determining what you can do now that we
>> know
>> who you are.
>> In the Reporting Services world, RS relies on external authentication.
>> In
>> other words, somebody other than RS has to authenticate the user. In
>> most
>> cases that will be windows. So all user accounts are created in windows.
>> Users are managed there as per normal.
>> In the security settings you then create roles. Those roles have
>> specific
>> permissions on report items etc. You then assign windows users and
>> groups
>> these roles.
>> So if we take Joe User... His user account is maintained in windows
>> (userID,
>> Password etc) either at the domain or the server level. Joe's account is
>> then assigned to roles in RS which determine what he can do with RS.
>> Make sense?
>> Regards,
>>
>> --
>> Rob Labbé, MCP, MCAD, MCSD, MCT
>> Lead Architect/Trainer
>> Fidelis
>> Blog: http://spaces.msn.com/members/roblabbe
>> "Chris" <Chris@.discussions.microsoft.com> wrote in message
>> news:B6C6072D-63BC-422F-9DF9-A4400B300EF8@.microsoft.com...
>> >I just installed the evaluation version and am comparing it to Crystal
>> > Reports. I can't seem to figure out the user level security.
>> > My set-up:
>> > Web server Win2003: Has IIS6 and Report server
>> > DB SQL Server Win 2003: has Sql Server 2k
>> >
>> > These boxes are not on a domain, they are test machines.
>> >
>> > I open the report server up and get the home page, I can add folder,
>> > files,
>> > etc but I no user level security. I went into site settings and all I
>> > can
>> > find is roles, but no logins, etc.' I can go to the site and do
>> > everything
>> > with no login?
>> >
>> > Help.
>>|||if there is no central login then how do you restrict it as a web app in the
manager? The roles don't appear to be machine or AD roles?
Are we saying that all users get "everything".
I'm still not seeing this. I thought maybe the eval version doesn't have
login dilaogs or something?
thanx.
"Rob Labbe (Lowney)" wrote:
> As you've discovered, the security model is vastly different in RS as
> compared to Crystal. You're going to drive yourself nuts if you try to do a
> one-to-one mapping of security features between the two.
> You're best bet is to look at the end result you're after, not "how" it was
> implemented in Crystal. Then look at RS security and set it up to get the
> same end result. If you describe your scenario, and what the result you're
> after is, we may be able to help you out here.
> Regards,
>
> --
> Rob Labbé, MCP, MCAD, MCSD, MCT
> Lead Architect/Trainer
> Fidelis
> Blog: http://spaces.msn.com/members/roblabbe
> "Chris" <Chris@.discussions.microsoft.com> wrote in message
> news:65196924-819E-4F4E-AD10-78D60F4A729C@.microsoft.com...
> > then why is there several tables that house roles, users, and their
> > assigned
> > roles then is Sql Server?
> > Also, Crystal take sit to the lowest level via a "Universe" to a record
> > level. Does MS Report Serv. not do this either?
> >
> > Are you saying that I have to add everyone to the windows box? That
> > doesn't
> > make sense for web reporting, the IUSR account can access everything?
> >
> > thanx.
> >
> > "Rob Labbe (Lowney)" wrote:
> >
> >> you are correct. Where you've gone awry is the difference between
> >> authentication and authorization.
> >>
> >> authentication is the process of determining who you are, most commonly
> >> done
> >> via a username and password.
> >>
> >> authorization is the process of determining what you can do now that we
> >> know
> >> who you are.
> >>
> >> In the Reporting Services world, RS relies on external authentication.
> >> In
> >> other words, somebody other than RS has to authenticate the user. In
> >> most
> >> cases that will be windows. So all user accounts are created in windows.
> >> Users are managed there as per normal.
> >>
> >> In the security settings you then create roles. Those roles have
> >> specific
> >> permissions on report items etc. You then assign windows users and
> >> groups
> >> these roles.
> >>
> >> So if we take Joe User... His user account is maintained in windows
> >> (userID,
> >> Password etc) either at the domain or the server level. Joe's account is
> >> then assigned to roles in RS which determine what he can do with RS.
> >>
> >> Make sense?
> >>
> >> Regards,
> >>
> >>
> >> --
> >> Rob Labbé, MCP, MCAD, MCSD, MCT
> >> Lead Architect/Trainer
> >> Fidelis
> >>
> >> Blog: http://spaces.msn.com/members/roblabbe
> >>
> >> "Chris" <Chris@.discussions.microsoft.com> wrote in message
> >> news:B6C6072D-63BC-422F-9DF9-A4400B300EF8@.microsoft.com...
> >> >I just installed the evaluation version and am comparing it to Crystal
> >> > Reports. I can't seem to figure out the user level security.
> >> > My set-up:
> >> > Web server Win2003: Has IIS6 and Report server
> >> > DB SQL Server Win 2003: has Sql Server 2k
> >> >
> >> > These boxes are not on a domain, they are test machines.
> >> >
> >> > I open the report server up and get the home page, I can add folder,
> >> > files,
> >> > etc but I no user level security. I went into site settings and all I
> >> > can
> >> > find is roles, but no logins, etc.' I can go to the site and do
> >> > everything
> >> > with no login?
> >> >
> >> > Help.
> >>
> >>
> >>
>
>|||Role and groups are two different things. I do the following. I create a
local group called Reports. For that group I add either individual users or
I add domain groups. Then in the home page of Report Manager, Properties,
New Role Assignment. For the user/group I put in Reports (the local group I
created previously) and I give it Browse rights.
RS is totally integrated with Windows security. If you are not going to be
using that (for instance over the internet) then you need to create your own
authentication that you integrate in with Reporting Service. Search the
books on line on authentication. Lots of good info. Just remember,
authentication and roles are two different thing. Once someone is
authenticated to be in a particular group (or authenticated to be a
particular user) then RS allows them rights based on the role assignment for
that group/user.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Chris" <Chris@.discussions.microsoft.com> wrote in message
news:7DABBC90-778B-4991-8177-1E7495A87788@.microsoft.com...
> if there is no central login then how do you restrict it as a web app in
the
> manager? The roles don't appear to be machine or AD roles?
> Are we saying that all users get "everything".
> I'm still not seeing this. I thought maybe the eval version doesn't have
> login dilaogs or something?
> thanx.
> "Rob Labbe (Lowney)" wrote:
> > As you've discovered, the security model is vastly different in RS as
> > compared to Crystal. You're going to drive yourself nuts if you try to
do a
> > one-to-one mapping of security features between the two.
> >
> > You're best bet is to look at the end result you're after, not "how" it
was
> > implemented in Crystal. Then look at RS security and set it up to get
the
> > same end result. If you describe your scenario, and what the result
you're
> > after is, we may be able to help you out here.
> >
> > Regards,
> >
> >
> > --
> > Rob Labbé, MCP, MCAD, MCSD, MCT
> > Lead Architect/Trainer
> > Fidelis
> >
> > Blog: http://spaces.msn.com/members/roblabbe
> >
> > "Chris" <Chris@.discussions.microsoft.com> wrote in message
> > news:65196924-819E-4F4E-AD10-78D60F4A729C@.microsoft.com...
> > > then why is there several tables that house roles, users, and their
> > > assigned
> > > roles then is Sql Server?
> > > Also, Crystal take sit to the lowest level via a "Universe" to a
record
> > > level. Does MS Report Serv. not do this either?
> > >
> > > Are you saying that I have to add everyone to the windows box? That
> > > doesn't
> > > make sense for web reporting, the IUSR account can access everything?
> > >
> > > thanx.
> > >
> > > "Rob Labbe (Lowney)" wrote:
> > >
> > >> you are correct. Where you've gone awry is the difference between
> > >> authentication and authorization.
> > >>
> > >> authentication is the process of determining who you are, most
commonly
> > >> done
> > >> via a username and password.
> > >>
> > >> authorization is the process of determining what you can do now that
we
> > >> know
> > >> who you are.
> > >>
> > >> In the Reporting Services world, RS relies on external
authentication.
> > >> In
> > >> other words, somebody other than RS has to authenticate the user.
In
> > >> most
> > >> cases that will be windows. So all user accounts are created in
windows.
> > >> Users are managed there as per normal.
> > >>
> > >> In the security settings you then create roles. Those roles have
> > >> specific
> > >> permissions on report items etc. You then assign windows users and
> > >> groups
> > >> these roles.
> > >>
> > >> So if we take Joe User... His user account is maintained in windows
> > >> (userID,
> > >> Password etc) either at the domain or the server level. Joe's
account is
> > >> then assigned to roles in RS which determine what he can do with RS.
> > >>
> > >> Make sense?
> > >>
> > >> Regards,
> > >>
> > >>
> > >> --
> > >> Rob Labbé, MCP, MCAD, MCSD, MCT
> > >> Lead Architect/Trainer
> > >> Fidelis
> > >>
> > >> Blog: http://spaces.msn.com/members/roblabbe
> > >>
> > >> "Chris" <Chris@.discussions.microsoft.com> wrote in message
> > >> news:B6C6072D-63BC-422F-9DF9-A4400B300EF8@.microsoft.com...
> > >> >I just installed the evaluation version and am comparing it to
Crystal
> > >> > Reports. I can't seem to figure out the user level security.
> > >> > My set-up:
> > >> > Web server Win2003: Has IIS6 and Report server
> > >> > DB SQL Server Win 2003: has Sql Server 2k
> > >> >
> > >> > These boxes are not on a domain, they are test machines.
> > >> >
> > >> > I open the report server up and get the home page, I can add
folder,
> > >> > files,
> > >> > etc but I no user level security. I went into site settings and all
I
> > >> > can
> > >> > find is roles, but no logins, etc.' I can go to the site and do
> > >> > everything
> > >> > with no login?
> > >> >
> > >> > Help.
> > >>
> > >>
> > >>
> >
> >
> >|||There is a Reporting Services 2005 book screaming to be written, here -
I know I'd buy multiple copies for work if someone could clearly
present this topic.
As is, it would make Oppenheimer stagger across the room for a
Tylenol...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment