| Groups | Blog | Home |
sql server reporting services : Beginners questions about Reporting Services Admin
into 'New Role Assignment', I see a 'Group or user name:' textbox. Do I understand this correctly?: Any name I enter for a new role must match an existing SQL Server user or group? (If so I would expect some sort of
No, this has nothing to do with SQL Server. RS is an asp.net application and
it uses roles to manage who gets to run a report, create subscriptions, etc. Assuming that you are using integrated security (the default) then what you are doing is assigning a user or group to a particular role. If you are in the local administrators group for the server (not SQL Server, but the server RS is running on) then you are automatically part of the Content Manager role. When you create a datasource then you deal with the credentials for retrieving the data for the report. So, two different things which is good. Remember, you can connect to many different sources for the data for the reports and they can all be using different credentials for retrieving that data. -- Bruce Loehle-Conger MVP SQL Server Reporting Services [quoted text, click to view] "B. Chernick" <BChernick@discussions.microsoft.com> wrote in message news:18CD1BB0-50CD-422B-8A8B-2770B1B7CBFB@microsoft.com... > I'm looking at the Properties tab of a report In the Report Manager. If I > go > into 'New Role Assignment', I see a 'Group or user name:' textbox. > > Do I understand this correctly?: Any name I enter for a new role must > match > an existing SQL Server user or group? (If so I would expect some sort of > lookup/selection list, which is the main cause for my confusion.)
Yes, you are mapping a Windows user/group to a RS role. What I do is I
create a local group on the box specifically for this. I add individual users and domain groups to that local group. I then assign that group to a role. -- Bruce Loehle-Conger MVP SQL Server Reporting Services [quoted text, click to view] "B. Chernick" <BChernick@discussions.microsoft.com> wrote in message news:6C2052BC-4ACE-4D8F-84A5-A9316D86F0B7@microsoft.com... > Ok, admittedly I am not a security expert. I should have said Windows, > not > SQL Server. Let me rephrase the question. > > Are you saying in the New Role Assignment window, the name I enter in the > 'Group or user name' box must match exactly an existing Windows group or > user? > > (And again I say that I am rather confused that it is a textbox rather > than > a selection list.) > > "Bruce L-C [MVP]" wrote: > >> No, this has nothing to do with SQL Server. RS is an asp.net application >> and >> it uses roles to manage who gets to run a report, create subscriptions, >> etc. >> Assuming that you are using integrated security (the default) then what >> you >> are doing is assigning a user or group to a particular role. If you are >> in >> the local administrators group for the server (not SQL Server, but the >> server RS is running on) then you are automatically part of the Content >> Manager role. >> >> When you create a datasource then you deal with the credentials for >> retrieving the data for the report. >> >> So, two different things which is good. Remember, you can connect to many >> different sources for the data for the reports and they can all be using >> different credentials for retrieving that data. >> >> >> -- >> Bruce Loehle-Conger >> MVP SQL Server Reporting Services >> >> >> "B. Chernick" <BChernick@discussions.microsoft.com> wrote in message >> news:18CD1BB0-50CD-422B-8A8B-2770B1B7CBFB@microsoft.com... >> > I'm looking at the Properties tab of a report In the Report Manager. >> > If I >> > go >> > into 'New Role Assignment', I see a 'Group or user name:' textbox. >> > >> > Do I understand this correctly?: Any name I enter for a new role must >> > match >> > an existing SQL Server user or group? (If so I would expect some sort >> > of >> > lookup/selection list, which is the main cause for my confusion.) >> >> >>
Ok, admittedly I am not a security expert. I should have said Windows, not
SQL Server. Let me rephrase the question. Are you saying in the New Role Assignment window, the name I enter in the 'Group or user name' box must match exactly an existing Windows group or user? (And again I say that I am rather confused that it is a textbox rather than a selection list.) [quoted text, click to view] "Bruce L-C [MVP]" wrote:
> No, this has nothing to do with SQL Server. RS is an asp.net application and > it uses roles to manage who gets to run a report, create subscriptions, etc. > Assuming that you are using integrated security (the default) then what you > are doing is assigning a user or group to a particular role. If you are in > the local administrators group for the server (not SQL Server, but the > server RS is running on) then you are automatically part of the Content > Manager role. > > When you create a datasource then you deal with the credentials for > retrieving the data for the report. > > So, two different things which is good. Remember, you can connect to many > different sources for the data for the reports and they can all be using > different credentials for retrieving that data. > > > -- > Bruce Loehle-Conger > MVP SQL Server Reporting Services > > > "B. Chernick" <BChernick@discussions.microsoft.com> wrote in message > news:18CD1BB0-50CD-422B-8A8B-2770B1B7CBFB@microsoft.com... > > I'm looking at the Properties tab of a report In the Report Manager. If I > > go > > into 'New Role Assignment', I see a 'Group or user name:' textbox. > > > > Do I understand this correctly?: Any name I enter for a new role must > > match > > an existing SQL Server user or group? (If so I would expect some sort of > > lookup/selection list, which is the main cause for my confusion.) > >
I'm still having problems. I was under the impression that access was
controlled solely by RS itself. I know you suggested created a dedicated group. However, I started small, with a single network ID that had absolutely no presence on this particular machine. I created a server role consisting of all the 'View' options. I started by assigning the test id this 'read-only' role at the site level and then worked down to the report. (It appears that I have to assign security at all the levels, site-folder-report, before the user can see the actual report. Is that right?) However, once the Test ID finally had access to the report and started it, I got the error message: An error has occured during report processing. Cannot create a connection to data source 'DataSource11'. For more information about this error navigate to the report server on the local server machine, or enable remote errors.' I really can't find anything in the error logs that seems relevant and I'm not sure I understand some of the other references to this problem on this group. Any suggestions? [quoted text, click to view] "Bruce L-C [MVP]" wrote:
> Yes, you are mapping a Windows user/group to a RS role. What I do is I > create a local group on the box specifically for this. I add individual > users and domain groups to that local group. I then assign that group to a > role. > > > -- > Bruce Loehle-Conger > MVP SQL Server Reporting Services > > "B. Chernick" <BChernick@discussions.microsoft.com> wrote in message > news:6C2052BC-4ACE-4D8F-84A5-A9316D86F0B7@microsoft.com... > > Ok, admittedly I am not a security expert. I should have said Windows, > > not > > SQL Server. Let me rephrase the question. > > > > Are you saying in the New Role Assignment window, the name I enter in the > > 'Group or user name' box must match exactly an existing Windows group or > > user? > > > > (And again I say that I am rather confused that it is a textbox rather > > than > > a selection list.) > > > > "Bruce L-C [MVP]" wrote: > > > >> No, this has nothing to do with SQL Server. RS is an asp.net application > >> and > >> it uses roles to manage who gets to run a report, create subscriptions, > >> etc. > >> Assuming that you are using integrated security (the default) then what > >> you > >> are doing is assigning a user or group to a particular role. If you are > >> in > >> the local administrators group for the server (not SQL Server, but the > >> server RS is running on) then you are automatically part of the Content > >> Manager role. > >> > >> When you create a datasource then you deal with the credentials for > >> retrieving the data for the report. > >> > >> So, two different things which is good. Remember, you can connect to many > >> different sources for the data for the reports and they can all be using > >> different credentials for retrieving that data. > >> > >> > >> -- > >> Bruce Loehle-Conger > >> MVP SQL Server Reporting Services > >> > >> > >> "B. Chernick" <BChernick@discussions.microsoft.com> wrote in message > >> news:18CD1BB0-50CD-422B-8A8B-2770B1B7CBFB@microsoft.com... > >> > I'm looking at the Properties tab of a report In the Report Manager. > >> > If I > >> > go > >> > into 'New Role Assignment', I see a 'Group or user name:' textbox. > >> > > >> > Do I understand this correctly?: Any name I enter for a new role must > >> > match > >> > an existing SQL Server user or group? (If so I would expect some sort > >> > of > >> > lookup/selection list, which is the main cause for my confusion.) > >> > >> > >> > >
I am experiencing the same issue as B.Chernick.
Just as B.Chernick explains, I have also created a Test user that access the report, but gets errors during processing. However, I noticed that if I gave my Test user domain adminstrator privileges (which is not possible in the production environment) I am able to view the report without any difficulty. This leads me to believe that there is a permissions issue someplace along the line. Any ideas?
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |