I have just started working with Report Services for a company and noted that none of the content managers have been removed (even if they have left the company). I was wondering if anyone knows whether there would be any repercussions if i removed or down graded their role...?
These content managers have created and deployed reports, set up security users, created folders and set up subscriptions.
I can recreate the subscriptions so that they are not under the ex-employees name, but what about the rest....
Thanks inadvance.
Removing users from the Content Managers role will not stop or remove anything in SSRS other than those users' ability to access reports. It will not remove folders or other users.
Disabling accounts in Active Directory might disable some data sources, if they were set to use that user account to access the data. But if they were set to use a service account as the data access account, then they will continue to work, regardless of what's happened to the creating account.
Related
I have had a user with browser role which has been able to make subscriptions but he has not seen CC and BCC fields. Because of that, I added Content Manager role for him to all folders and reports and after that, he cannot make more subscriptions or manage reports in any way. He gets error
"The permissions granted to user 'domain\username' are insufficient for performing this operation". Now he can only see the reports.
Do you have any idea?
Browse to Site Settings, Configure item level role definitions.
Then check what settings you have for Content Manager. Maybe someone removed them.
When I added a role also to the Home folder then it starts working. I don't know why, before this was not needed.
Is there a way to provide generic permissions for users to run reports stored in the Report Manager? I can see how to provide access on an individual user basis via Manage -> Security -> New Role Assignment, by adding the User's Windows login name and assigning them to the Browser role for the report. (Report Manager already knows the domain name).
However, we don't want to be continually having to manage this for each new user. I want anyone under that domain name to have access without needing to configure it. I had hoped that just adding the domain name as a 'user' to the Browser role for that report would do it, but to no avail.
You can add any domain group that has been set up, not just individual users, or you can simply add all domain users, i.e. MYDOMAIN\Domain Users to the Browser role, which seems to be what you're after.
However, I would recommend creating a generic user group like MYDOMAIN\SSRSReportUsers or something like that and adding this group to the browser role instead of MYDOMAIN\Domain Users, as adding all users to the Report Server seems like it doesn't give you many options to manage this in any sort of granular way.
I am trying to get security on Reporting services set up. I have installed reporting services with all the defaults and I was able to create and publish a report. Using the link [http://server/reports] I was able to view that report. Bearing in mind that i am in the domain administrators group.
I then asked a non domain admin user to review the report but they got the message: • The permissions granted to user 'DOMAIN_ABC\username' are insufficient for performing this operation. (rsAccessDenied)
It then dawned on me that I would need to set up security by assigning the 'Browser' role to DOMAIN_ABC\Domain Users.
At that point I realized that I had no way of interfacing with the security side of things as none of the Home, My Subscriptions, Site Settings tabs were displaying (as is the case with a 2005 RS deployment we have). Thus began my search for how to get the 'admin' view into the environment to enable security and access. I have thus far been unsuccessful so far, I have tried running IE as the 'Administrator', added the server to my 'Trusted' sites list. Checked the RS config file, set the Service Account to 'Local Service' but still no joy. Does anyone know what I may try?
Thanks in Advance,
Jonathan
You can not view the admin settings unless u got that permission.
Only Report manager administrator can create roles and users from report manager url [http://localhost/Reports/] then go to site settings ----> security,----> new role assignment.
If the user in system Administration group then only he can view the site settings option in the home page, If the user is on other group like content manager /System user then he can not view the site settings option.
You need to first add the user in the System Administrator group.then he can view all these settings.
Hope this helps...
I have a SQL 2008r2 report server where, despite having the appropriate ROLE permissions assigned within the RS, you can not view a report/folders Properties, unless you are also a member of the administrator group on the server. You can view the report itself, but not the Properites tab. When viewing the Properties tab, an rsAccessDenied error is shown with the message "The permissions granted to user 'XXX\XXX' are insufficient for performing this operation."
My understanding is that just being a member of the Browser role should be sufficient to view a reports properties, and the account actually is member of all roles (Content Manager, Publisher, Broweser, etc), so that isn't the issue, so why would you also need to be a member of the administrator group on the server?
Given that everything is being done from a browser on a remote computer, I'm at a bit of a loss as to what the Properties tab is doing that requires the extra permissions.
Anyone know what's going on and what needs to be changed so that the user doens't need any permissions on the server itself?
I had a similar problem where I didn't have access to the Properties-tab or the Data Sources-tab but adding my user to Administrators did not solve the issue. However all my role assignments were on a subfolder and when I was added to root/home with role "Browser" it suddenly started working. Even without me being an admin on the RS Server.
According to Microsoft documentation, you need higher privileges to achieve that :
http://technet.microsoft.com/en-us/library/ms157363(v=sql.105)
Browser role only enables you to navigate through folder structure and view/subscribe to reports. You need the "Content Manager Role" to achieve what you want.
We have several Collections in our TFS 2010 server.
This server hosts all of our TFS related services.
I'd like to allow a specific programmer to create Team Projects within his dedicated collection.
He belongs to the collection's TFS administrators group.
When he tries to create a new Team Project, it fails with a Reporting permissions error.
I understand that he also needs Reporting services permissions to create the relevant Reporting objects for the new Team Project, but I don't want him to be a full admin for the whole server's Reporting Services.
Is there a way to allow him the full ability to create new Team Projects without making a full Reporting Services admin?
source:http://www.microsoft.com/download/en/details.aspx?id=8175
To grant administrative permissions for a team project collection in Reporting Services
Start Internet Explorer.
In the Address bar, type the following URL, where ReportServer is the name of the server that is running Reporting Services: http://ReportServer/Reports/Pages/Folder.aspx
Click the Properties tab, and then click New Role Assignment.
In Group or User Name, type the name of the account for the user or group to whom you want grant administrative permissions.
In Role, click Team Foundation Content Manager, and then click OK.
The one thing missing in the manual, is that you need to do this for /TfsReports/[collectionname] while setting stop security inheratence.