Post reply

Newbie question about access

  • May 2, 2017 at 5:08 am

    #336709

    Hi all,

    We run a shared application in IIS on .net. I am looking for a way to provide user generated reports that application admins can access via a browser and create reports.
    The kicker is that each admin will be accessing the same database from different URLS and must only have access to data assigned to that URL via applicationIDs that are stored within each row in the DBs.
    Before I delve into reporting services for the first time I was wondering if this sort of partitioning is even possible. Cursory examination of the setup process suggests not.

    Thanks for any advice.
    Rolf

  • May 2, 2017 at 6:16 am

    #1940686

    kangarolf - Tuesday, May 2, 2017 5:08 AM

    Hi all,

    We run a shared application in IIS on .net. I am looking for a way to provide user generated reports that application admins can access via a browser and create reports.
    The kicker is that each admin will be accessing the same database from different URLS and must only have access to data assigned to that URL via applicationIDs that are stored within each row in the DBs.
    Before I delve into reporting services for the first time I was wondering if this sort of partitioning is even possible. Cursory examination of the setup process suggests not.

    Thanks for any advice.
    Rolf

    If you want it to be automated, Row-Level Security would be the option. However, that's only available on SQL Server 2016.
    For some manual control, you can use views on different schemas. Depending on how you can validate the permissions, your object count can go exponentially high or you might need to just add a few of them.
    One last option is to define the reports yourself or assign them to a team, so the admins won't have the ability to create or modify them to access data they shouldn't access.

    Be sure that the reports and urls are not the only security to prevent unauthorized users to access data they shouldn't.

    Luis C.
    General Disclaimer:
    Are you seriously taking the advice and code from someone from the internet without testing it? Do you at least understand it? Or can it easily kill your server?

    How to post data/code on a forum to get the best help: Option 1 / Option 2

  • May 2, 2017 at 7:36 am

    #1940703

    Hi there,

    thanks for taking the time to reply.

    Creating lots of views for each possible table structure for each application is probably more work than what I do now manually. We are on 2012 so no row level security.

    I seem to be running into this problem everywhere and it might be a case of rolling my own and integrating with a decent graphing library as everything I look at is designed around the assumption that you want to give access to the database rather than to certain rows.

    If anyone knows anything that might help I'd love to hear about it.

    Thanks
    Rolf

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply