App Authentication for Report Access vs. Windows Authentication
-
Let me start off by saying that I could fit what I know about RS on the back of my business card.
That having been said, our SQL SA group set up a test RS instance. I was talking with them about using it, but they insist the only way to control access to reports is via Windows credentials. This would require me to identify each report user, their role, construct groups, etc. This seems like a really labor intensive process. Every time someone new joins a dept or leaves a dept I have to update all the RS groups for their apps? I don't think so.
All our apps access SQL Server using a single SQL userid for the application, one per application. We authenticate people and their roles within the app, allowing the app's administrators to set who has access to what. Is there a way to do this with RS that isn't inherently insecure? I can see setting up all reports as "public" reports, controlling access via the app and hoping nobody figures out how to access reports directly without going through the app. Is there a way, similar to SQL Server, to set up one userid/password to access a set of reports and then determine user access within the application?
-
I'm not sure if I am fully understanding what you truly want to do, but I'll tell you what I did - right or wrong.
For the datasource of my reports for a specific application, I set the datasource credentials to a userid/password in that SQL database - as opposed to using windows authentication.
In Active Directory, I created a group and add members who should have access to the reports to this group. I also created a group for administrators of the reports and assign appropriate users.
In the Report Manager, I set the security so that the "viewers" group has "browser" access and the "administrators" group has "content manager" access.
This way, I only have to maintain one userid in the sql database to have access to the data and a couple groups in Active Directory to control access to the reports.
Hope that helps, otherwise, sorry for the confusion.
-Megan
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply