Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Permission on reporting server Expand / Collapse
Author
Message
Posted Tuesday, December 18, 2012 11:38 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, November 21, 2014 5:22 PM
Points: 1,790, Visits: 3,252
I would like to setup a windows group of people to view reports on a SSRS report server.
They can navigate the folders and view the reports.

I know I need to setup item-level permission to the folder and give them browser permission.

My question is: do I also need to add them to system level as a system user?
Is that a required step for permission to work?

Thanks
Post #1397964
Posted Tuesday, December 18, 2012 8:18 PM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Yesterday @ 5:46 AM
Points: 3,995, Visits: 7,172
do I also need to add them to system level as a system user?
Do you mean on the SQL Server box itself? If so, no. If you are using Active Directory and the Windows group has been added and granted the appropriate permissions, it will suffice.


______________________________________________________________________________
"Never argue with an idiot; They'll drag you down to their level and beat you with experience"
Post #1398118
Posted Wednesday, December 19, 2012 10:17 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, November 21, 2014 5:22 PM
Points: 1,790, Visits: 3,252
But I read from this site: http://msdn.microsoft.com/en-us/library/aa337385(v=sql.105).aspx
it says: Each user who requires access to a report server should have a system-level role assignment
also: b.Assign the System User role to all other users

Here I don't quite understand when it says requires access to report server, if I only want to grant permission to people to view the reports on the report server, does it mean "require access to report server", and do they have to be granted system_level access, then they can browse reports?

Thanks
Post #1398533
Posted Wednesday, December 19, 2012 10:40 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Yesterday @ 5:46 AM
Points: 3,995, Visits: 7,172
Have you read through these two articles (related)
http://msdn.microsoft.com/en-us/library/aa337491(v=sql.105).aspx
http://msdn.microsoft.com/en-us/library/ms156034(v=sql.105).aspx


______________________________________________________________________________
"Never argue with an idiot; They'll drag you down to their level and beat you with experience"
Post #1398553
Posted Wednesday, December 19, 2012 10:59 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, November 21, 2014 5:22 PM
Points: 1,790, Visits: 3,252
I did, but I still did not get my question answered.

In the above article you give me:
it also says:

The two types of roles complement each other and should be used together. For this reason, adding a user to a report server is a two-part operation. If you assign a user to an item-level role, you should also assign them to a system-level role

So my understanding is even I just want to grant users to view reports, which is item-level access, I still need to add the users to system -level,

is this correct?

thanks
Post #1398562
Posted Thursday, December 20, 2012 8:09 PM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Friday, November 14, 2014 1:47 AM
Points: 19, Visits: 299
I manage permissions using ad groups to specific folders and none of them are system users and have had no complaints. Would be interested to see if I am doing something wrong though.
Post #1399155
Posted Thursday, December 20, 2012 9:17 PM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Yesterday @ 5:46 AM
Points: 3,995, Visits: 7,172
I'm not certain where the disconnect is happening but again, I just set users up via the report manager granting the permissions I'd like them to have at the folder level (role assignments)

I'd created an Accounting Reporting folder, then grant permissions based upon the Windows Active Directory security group that contains just the members I want to have access to it

Example: MYDOMAIN\Accounting Reporting
Role(s): Browser


______________________________________________________________________________
"Never argue with an idiot; They'll drag you down to their level and beat you with experience"
Post #1399170
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse