I am able to setup and run the SSRS 2016 environment for reporting purposes
https://learn.microsoft.com/en-us/sql/reporting-services/web-portal-ssrs-native-mode
When i try to access the portal [ similar to the one explained in above link] i can see all my reports and all is working .
ON top right corner of the web portal it shows the user details who currently accessed the portal and its by default the windows user who logged in to the windows. But in a specific scenario i have multiple windows users and i have to to access this report as a different windows user.
For this now i am doing the steps
close the browser
clear cache
open browser and reload report url [localhost/report/browse]
it will ask to input user name and password and i am able to logged in as different user
But is it possible to implement a logout kind of feature similar to webapps so we can redirects to Login page again in SSRS 2016 Web Portal . Is it possible ? Since i cant see anything in the documentation related to this. Can someone helps to get an idea about the implementation
I have this issue a lot while trying to setup sensible hierarchical SSRS security based on AD Groups and SSRS Server Roles and SSRS Folder Security Roles. After my browser caches creds from my NTLM challenge response, I can open an Incognito browser and login with different creds.
Related
We have one SSRS 2005 report website. And there is one user, who can access the web for long time. But one day, he can't access the website. His IE browser shows the web can't be open.
I am the admin of the SSRS report website. I have set the user the account to the database where the SSRS reports locate. I even set this user one admin account for the server. But the user can't access the SSRS website anyway.
Could some one please help me? Thanks a lot.
Four levels to SSRS:
User Type: 'Admin' or 'Quest'
Folder permission on url at http:// (reportserver)/Reports. Hit Folders ensure user is set up there with their credentials.
Reports use either embedded credentials or a windows user authenticating to the report.
If browser is not working was it upgraded from IE 6 or older to newer? You may have to add the site to trusted sites.
I've deployed an SSRS report on my PC and am able to access my report through the report manager. When I copied the report URL and opened it on another PC over the network, it asked for credentials when using Mozilla Firefox.
I've tried the following in Firefox:
The about:config "This might void your warranty!" warning page may appear. Click I'll be careful, I promise!, to continue to the about:config page.
In the about:config page, search for the preference network.automatic-ntlm-auth.trusted-uris, and double-click on it.
I've added my server URL in that manner, which prevents the credentials popup from appearing.
I don't think this is the correct way of doing things. If I'd pass around the URL to -say- 100 different users, they would all need to do what i did as described above?
Can anyone help me to avoid credentials popups (username and password), and open the report directly?
check your server URL, must be just "http://server_name" in firefox about:config "network.automatic-ntlm-auth.trusted-uris" key
store credential required in for accessing data source, at report tab "data source"-"Credential stored securely in the report server"
add in security tab "domain user" that has credentials for accessing the report , check only for "Browsing"
enter credential for "domain user",for the first time when showing report in firefox and allow to remember
now it works automatically when you start link shortcut
The report will need credentials to run. (Turning on anonymous access to SSRS is not supported and not recommended.)
Those credentials can come from a few different places.
1. Users are prompted for user name and password.
2. Credentials are stored in the browser (or in Windows.) As you've seen, this is easier to handle with Internet Explorer than Firefox for NTLM authentication. But Firefox does give you an option, as you've mentioned.
3. Some other service or website accesses the report server and hands in credentials. This other service then passes the report on to users. Designing this would require some thought: Would you need to track who accesses this service? How would you secure individual reports?
Your comment suggests that you have conflicting requirements: you aren't allowed to have Firefox automatically log in for security reasons, but you want to have Firefox automatically log in. There's no technical advice that can solve that problem.
I have already researched the following existing SO questions and the links that they reference:
User '' does not have required permissions, SSRS 2008 on Windows 8
Reporting Services permissions on SQL Server R2 SSRS
SQL Server Reporting Service - Service Manager Error - User Does not have required permission
I've taken the steps already outlined by these suggested solutions, but even after all that and also logging out and back in, nothing has changed. In fact my user name was already listed as a System Administrator before I started any of this.
One of the solutions (http://thecodeattic.wordpress.com/category/ssrs/) also mentions a "Folder Settings" area where you can specify roles for a user - "Content Manager," "Publisher," "Browser," "Report Builder," and "My Reports" - but I don't see a way to navigate to this section anywhere.
Any ideas? Thanks!
SSRS has 2 security/role sections available in the web GUI: Folder Settings and Site Settings. The navigation path to get to each is kind of weird.
For Folder Settings, login to the report server (/Reports by default). In SSRS 2012, there's a button in the top toolbar called 'Folder Settings'. I believe the link is the same in 2008, but it's been a while since we migrated.
Adding user permissions here allows the named users to run reports. Here you should add your own user account, plus the account used to run reports. In my case (web app), this is my IIS Application Pool identity (IIS AppPool\DefaultAppPool).
Site Settings controls who can login to the Report server and access more report metadata. You'll see the 2 roles are System Administrator and System User, so these are all really trusted users. Beyond giving yourself admin, you'll only need to grant permissions to user accounts that do "adminy things", like deploying reports. In my case I've got a local user account that my web application impersonates in order to deploy or delete reports. Users (ReportViewer) don't need this access.
I suspect all you're missing is the Folder Settings (e.g. "permission to run reports") settings, which are accessible from the first page when you login to the report server.
If you don't see that link, try the direct URL:
http://MYREPORTSERVER.COM/Reports/Pages/Folder.aspx?ItemPath=%2f&SelectedTabId=PropertiesTab
(Tested on 2012 only)
It is important to run your browser (IE) "As Administrator".
Another important bit is to go to http://localhost/reports, not http://SERVERNAME/reports !
Than click that "Folder Settings" link. Than follow instructions in that postings above.
I ran into the same pickle myself with the SSRS 2014 user access settings.
In my situation I have a folder for each of the company's departments - which are a lot!!
After some digging (well, digging and actually giving/revoking myself the user rights) I realised that:
1) I have to add each user in the root HOME Folder Settings (just with "browser" role)
2) Doing this will grant that user access to every report in every folder!! What the hell's with that, MicroSoft?!?
3) I have to edit each of the folders for which that user SHOULDN'T have permissions and remove each of these users manually so that, that particular user(s) will eventually have rights just for the one folder(aka dept) they belong to.
Has someone found a better/faster way of achieving this w/o all the extra, huge, painfull, frustrating manual work of removing an user from all the other folders, except the only one that user should only have access in?
If I add an user just to that folder - w/o adding it in the the HOME folder security - then that user will get the same error message as in the OP's description.
And I think I remember, back in the days of SSRS 2005, a SSRS ReportManager admin user was able to edit/modify this so called profiles. I couldn't find that anywhere in SSRS 2014 Report Manager
One trick is to run internet explorer 11 in administrator mode.
Then you can add your windows user.
Also, accessing the URLs in an InPrivate IE tab will raise the permission error.
This worked for me to add my domain account to the local instance:
Create a local admin user within Computer Management
Download and Launch Edge-Chrome as an administrator (https://www.microsoftedgeinsider.com/en-us/)
Ensure you're browsing as a guest by clicking the profile pic to the right of the address bar
Launch the reports site e.g. http://yourpc/reports
Click on the cog in the top right of the web page, select "site settings"
Click "Security" on the left menu and add the user account to Administrator
Reboot for luck
This may work in another browser, but haven't tried it.
EDIT: You'll need to add the domain user to the default folders too.
Once again the SSRS security wall has hit me.
I did a fresh SSRS 2008R2 install.
I created a separate account (ssrs) on my box to access SSRS-related services.
Upon navigating to localhost/reportserver, I was confronted with a windows authentication popup. I entered the ssrs username and pw and after some time was presented with the following error message:
The permissions granted to user 'mybox\ssrs' are insufficient for performing this operation. (rsAccessDenied)
Navigating to localhost/reports/pages/folder.aspx renders the same SQL Server Reporting Services error.
I've setup reportserver.config as follows:
<Authentication>
<AuthenticationTypes>
<RSWindowsBasic>
<LogonMethod>3</LogonMethod>
<Realm></Realm>
<DefaultDomain></DefaultDomain>
</RSWindowsBasic>
</AuthenticationTypes>
<EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>
Ultimately, what I would like to do, is access the reports through my C# code, which I'm assuming I will use the authenticated user that I've setup on the box.
One post indicates to add the name or group to the ssrs group, which once done, doesn't work with SQLServerReportServerUser$MyBox$MSRS10_50.SQLSERVER2008R2.
Keep in mind, I am not yet able to even view any of the report services menus, as some people have had issues with. I'm at step 1, just trying to see the services.
I've even tried logging in with my admin account on this box - no go - still a permissions issue.
Some step-by-step guidance on this would be helpful.
Thank you.
After several different combinations of trying, the solution has presented itself.
To recap - this is auth issue was right when trying to access localhost/reports and localhost/reportserver - couldn't even get to the Reporting Services homepage.
I had tried setting Full Control permissions for my ssrs user and Everyone on C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLSERVER2008R2\Reporting Services (and all subdirectories) which did NOT work.
Ultimately, I started IE in Administrator mode (right-click on IE, select Run as Administrator), and was able to navigate to localhost/reports which goes to http://localhost/Reports/Pages/Folder.aspx.
Select Folder Settings / New Role Assignment. The New Role Assignment page will allow you to setup specific users you have setup on the box.
In my case, for now and just testing, I just have one user to access all SSRS-related items.
Incidentally, I am accessing /reports through a different browser, so the fact that I'm in IE as Admin, doesn't affect the other separate vendor instance.
Summary:
Does anyone know what the minimum we have to do is to get the user to be able to press a button in our app and have the report pop up in an HTML control (Delphi App) with no further input from the user?
Detail:
Authentication is no longer anything to do with IIS in 2008, and a lot of authentication discussion on the web is about IIS and SSRS 2005.
We are looking to display reports within our application and are trying to avoid using the API to re-construct the ReportViewer.
We are hoping to open the reports within an HTML control by passing a URL to the control, along the lines of http://RSServer/ReportServer/ReportDir/ReportName.....
This doesn't work and it looks like it is because the report asks for authentication. We use SQL server authentication for the rest of the app and explicitly want our app installable where domain authentication is patchy at best.
I have enabled Basic authentication which doesn't make much difference, but you don't seem to be able to anable Anonymous Auth, which wouldn't actually be desirable anyway.
Dom.
I've not tried it, but have you looked at this MSDN blog?
EDIT
This may be of more use - it suggests a method of bypassing authentication without running anonymous access
EDIT 2
With basic authorisation enabled, could you simply provide credentials in the URL? - http://username:password#servername/etc/etc?