I have to grant access to 2 reports on SSRS for 40 colleagues.
I have started to proceed this on report manager (ReportName -> security -> New Role Assignment -> paste the username -> select Browser role -> click OK)
But to repeat this 80 times is a bit boring.
I think SSRS executes a stored procedure in the background, because I found these records in ReportServer database.
Do you have any idea how to make this faster? By Executing a t-code or something?
Note: I cannot create AD Group to put these Users into and grant access for the Group.
Many Thanks
Related
I am trying to create a linked table via External Data -> New Data Source -> From Other Sources -> ODBC Database in Microsoft Access. I am able to successfully connect, but when the Link Table window pops up, all of the table names are blank (Blank table name). If I try to click on one of the blank tables, an error message pops up saying "Invalid Argument".
I have been able to query the Datasource using the Query Designer, and I am able to see the tables in Excel when using the Data -> Get Data -> From Other Sources -> From ODBC. I have also been able to add some print statements to the ODBC code and I am seeing in the raw output from the SQLFetch function that the table name is present.
If anyone has any idea as to what may be happening, or even a way to somehow to debug the Microsoft Access calls that would be extremely helpful.
Say we have a Project Status Report in SQL Server Reporting Services (SSRS 2012) that takes the Project ID as the parameter, how can we secure the report so that only team members of that project can see the result?
We have the team members for every project in a separate table.
Thanks.
You can pass the userID as a parameter to your SQL query using query parameters and assigning user id by using command User!UserID. Then inside your SQL query you can check the privileges by using your team member table and return data accordingly
I have searched up and down for a solution and cannot find anything that helps. Everything that I have tried doesnt seem to work.
I have two database. I cannot modify Database A by adding a table or anything like that. I cannot enable cross-database access. I believe I cant use sp.Start_job because I need to pass parameters. I was able to enable xp_cmdshell.
My Database Definition:
Database A
- Order table
Database B
- Email notification Table
What I need to do:
Any time an order is entered into Database A, I need to enter a row into Database B with values of the order. So I need to have parameters
What I have tried:
- xp_cmdshell #query='DTEXEC /f "\\Server\Folder\SSIS Packages\Order confirmations\Order confirmations\Package.dtsx" /DECRYPT password'
1. I get an error saying access denied. I tried setting up sp_xp_cmdshell_proxy_account (##xp_cmdshell_proxy_account##) to an account that has access to the network drive where the file is stored, no luck.
2. whoami.exe shows NT/Authority \System instead of my proxy account.
3. GRANT EXECUTE on xp_cmdshell to [mydomain\myAccount] didnt have any affect.
Whoami Results
xp_cmdshell Results
Any suggestions? The job runs fine if I set it up with SQL Server Agent. Eventually I will just call xp_cmdshell from a trigger on Database A table Orders to enter the data into Database B and then fire off an email with sp_send_dbmail if some conditions are met.
The only way that I could currently find (Without resturcturing permissions in SQL and the network was to give read/execute permission to SQL server. Not my ideal solution, but it works.
Hope this helps someone
I have a web application which takes sql queries and produces the output in the form of a report. I don't want the user to MODIFY the existing database any way. To do this I decided to block all the CREATE,ALTER,DELETE,DROP commands at the web application level by just looking at the first word of the supplied query. This would stop the user from altering the existing schema or the instance of the database.
Recently I discovered that Microsoft SQL Server has the command SELECT * INTO NEW_TABLE FROM OLD_TABLE which allows us to create a copy of the the existing table. Are there any more commands of this kind which would allow us to modify the schema or instance of the existing DB by passing the web application filter ?
Any better ways to block the commands according to my requirements are also welcomed but I do not wish to take away the freedom of creating report using SQL queries at the cost of security.
Why Cannot I use Grant
I see that grant is one good option that I see from the comment as well as the answers but I will not be able to use them because the user supplies the DB details which I use to create the report along with the username and password. It is for the DB's table the user points to that I create the report
You can generate the reports from results of a query performed by a user with only read permissions. This implies management of the database connection to allow other parts of the application to manipulates the data ( you will need to connect as different users).
CREATE USER 'foouser'#'localhost' IDENTIFIED BY 'barpass';
GRANT SELECT ON db.table TO 'foouser'#'localhost';
Even if you use "SELECT * INTO NEW_TABLE FROM OLD_TABLE" you have to create the new_table first using create statement then you can use that statement.
I'm trying to set up a user in SQL Server 2008 R2 so when they login, they only see one database and so they only see views with 1 schema.
They should not be able to see that other databases exist, that any tables exist within the database that they can see, or any views that exist other than tables that belong to one schema.
How can I go about doing this?
Thank you in advance
Edit: some more information. I have managed to get a user to only see 1 database and no others in the past by denying view all databases and making the user the owner of the database. In this case the user can not be the owner of the database.
You can move the database to a new instance.