|
|
You're in the
sql server reporting services
group:Custom Security Roles
sql server reporting services:
I am trying to implement forms authentication in reporting services and I
would like to use the report manager for rendering reports. What I don't want to use is the built-in tools for item level and system level security. Is there a way to get information as to which item is being accessed in the Getpermissions and CheckAccess function so I can check my custom database for
Brent,
I don't think you need to know the item accessed because the CheckAccess overload is scoped at an item level. In other words, if the user tries to run a report A, the Report Server will pass the security descriptor for report A only. The job of the security extension is to find out if the user has rights to carry the action by examing the security descriptor. Any yes, you can use application-defined role membership policies to simplify the user maintanance. I have a two-part article in the works for the SQL Magazine which discusses Forms Authentication in detail. It should be out in January-February issues I think. -- Hope this helps. --------------------------------------------- Teo Lachev, MVP [SQL Server], MCSD, MCT Author: "Microsoft Reporting Services in Action" Publisher website: http://www.manning.com/lachev Buy it from Amazon.com: http://shrinkster.com/eq Home page and blog: http://www.prologika.com/ --------------------------------------------- [quoted text, click to view] "Brent Slezak" <Brent Slezak@discussions.microsoft.com> wrote in message news:4614209E-953D-4A4B-B2BD-96EFE79FFDAC@microsoft.com... > I am trying to implement forms authentication in reporting services and I > would like to use the report manager for rendering reports. What I don't > want to use is the built-in tools for item level and system level security. > > Is there a way to get information as to which item is being accessed in the > Getpermissions and CheckAccess function so I can check my custom database for > authorization?
Teo,
First of all, I want to thank you for your prompt response to my question and I will be looking for that article when it comes out. Let me go into further detail as to the situation with the reporting services and how I would like to use them. I currrently have a proprietary security system setup for my enterprise-scale application that manages thousands of users and groups and tens of thousands of roles. I don't want to have to re-define that information in the ReportSErver database. Actually I would like it if I had absolutly no security definition at all in the ReportServer database. That being said. How would I get the unique identifier of the object (i.e. report,folder,datasource) being accessed so that I can cross-reference MyDatabase1 for security access. In a nutshell I want to be able to use the report manager for the report rendering and not for managing role-based security. I think building our own custom rendering UI is the only logical alternative. Please let me know what you would consider the best option with this scenario. Thank you in advance for your input. Brent [quoted text, click to view] "Teo Lachev [MVP]" wrote:
> Brent, > > I don't think you need to know the item accessed because the CheckAccess > overload is scoped at an item level. In other words, if the user tries to > run a report A, the Report Server will pass the security descriptor for > report A only. The job of the security extension is to find out if the user > has rights to carry the action by examing the security descriptor. Any yes, > you can use application-defined role membership policies to simplify the > user maintanance. > > I have a two-part article in the works for the SQL Magazine which discusses > Forms Authentication in detail. It should be out in January-February issues > I think. > > -- > Hope this helps. > > --------------------------------------------- > Teo Lachev, MVP [SQL Server], MCSD, MCT > Author: "Microsoft Reporting Services in Action" > Publisher website: http://www.manning.com/lachev > Buy it from Amazon.com: http://shrinkster.com/eq > Home page and blog: http://www.prologika.com/ > --------------------------------------------- > > "Brent Slezak" <Brent Slezak@discussions.microsoft.com> wrote in message > news:4614209E-953D-4A4B-B2BD-96EFE79FFDAC@microsoft.com... > > I am trying to implement forms authentication in reporting services and I > > would like to use the report manager for rendering reports. What I don't > > want to use is the built-in tools for item level and system level > security. > > > > Is there a way to get information as to which item is being accessed in > the > > Getpermissions and CheckAccess function so I can check my custom database > for > > authorization? > >
Brent,
I understand your scenario now. Of course, assuming that the reports will be rendered on the server side of the application you don't have an issue since you have an application front end. This is similar to the security scenario I describe in Chapter 13 of my book. However, the real problem is with URL addressability and custom security extension. One approach that may be appropriate in your case is to get the report path from the URL request. This could be similar to the approach I describe in the following thread http://groups.google.com/groups?q=Disable+Hyperlink+in+EXCEL&hl=en&lr=&selm=%23VCcwuh1EHA.1264%40TK2MSFTNGP12.phx.gbl&rnum=1 Once you get the report path, you can get the report identifier (the primary key in table Catalgo) which is what you may want to use in your custom security infrastructure. -- Hope this helps. --------------------------------------------- Teo Lachev, MVP [SQL Server], MCSD, MCT Author: "Microsoft Reporting Services in Action" Publisher website: http://www.manning.com/lachev Buy it from Amazon.com: http://shrinkster.com/eq Home page and blog: http://www.prologika.com/ --------------------------------------------- [quoted text, click to view] "Brent Slezak" <BrentSlezak@discussions.microsoft.com> wrote in message news:3741B21F-0963-457F-8EC6-A1F6403CB514@microsoft.com... > Teo, > > First of all, I want to thank you for your prompt response to my question > and I will be looking for that article when it comes out. > > Let me go into further detail as to the situation with the reporting > services and how I would like to use them. I currrently have a proprietary > security system setup for my enterprise-scale application that manages > thousands of users and groups and tens of thousands of roles. I don't want to > have to re-define that information in the ReportSErver database. Actually I > would like it if I had absolutly no security definition at all in the > ReportServer database. That being said. How would I get the unique > identifier of the object (i.e. report,folder,datasource) being accessed so > that I can cross-reference MyDatabase1 for security access. > > In a nutshell I want to be able to use the report manager for the report > rendering and not for managing role-based security. I think building our own > custom rendering UI is the only logical alternative. > > Please let me know what you would consider the best option with this scenario. > > Thank you in advance for your input. > > Brent > > "Teo Lachev [MVP]" wrote: > > > Brent, > > > > I don't think you need to know the item accessed because the CheckAccess > > overload is scoped at an item level. In other words, if the user tries to > > run a report A, the Report Server will pass the security descriptor for > > report A only. The job of the security extension is to find out if the user > > has rights to carry the action by examing the security descriptor. Any yes, > > you can use application-defined role membership policies to simplify the > > user maintanance. > > > > I have a two-part article in the works for the SQL Magazine which discusses > > Forms Authentication in detail. It should be out in January-February issues > > I think. > > > > -- > > Hope this helps. > > > > --------------------------------------------- > > Teo Lachev, MVP [SQL Server], MCSD, MCT > > Author: "Microsoft Reporting Services in Action" > > Publisher website: http://www.manning.com/lachev > > Buy it from Amazon.com: http://shrinkster.com/eq > > Home page and blog: http://www.prologika.com/ > > --------------------------------------------- > > > > "Brent Slezak" <Brent Slezak@discussions.microsoft.com> wrote in message > > news:4614209E-953D-4A4B-B2BD-96EFE79FFDAC@microsoft.com... > > > I am trying to implement forms authentication in reporting services and I > > > would like to use the report manager for rendering reports. What I don't > > > want to use is the built-in tools for item level and system level > > security. > > > > > > Is there a way to get information as to which item is being accessed in > > the > > > Getpermissions and CheckAccess function so I can check my custom database > > for > > > authorization? > > > > > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |