SQL Reporting Services Permission Management by Using Active Directory - reporting-services

Is it possible to manage report permissions by using Active Directory? For example, I have an employee performance report. An employee can open the report by choosing his/her name from the dropdown parameter. This parameter dropdown lists all the employee names. However, most of the employees must see just their names in that dropdown. It must be forbidden to see other employees' names. Moreover, the department heads must see the list of all employees in that dropdown. How can I make a solution for this?

The best way to do this is by using the built-in User!UserID field, which returns the credentials of the person running the report. If your users are accessing SSRS using their Windows domain credentials, then User!UserID will return a string that looks like DOMAIN\userid. As long as you have somewhere in the database where you can link the user's Windows login to their name, then you can use that to restrict the dataset that returns the parameter dropdown (either as a SQL parameter or as an SSRS dataset filter).

Related

SSRS - User Permissions

I have an SSRS report used by many users from different regions.
1. Is it possible to show/hide information based on region without using parameters - we are using a single report?
2. Is it possible to give report permissions to users who are outside of the network (company)?
Without using parameters how do you intend deciding which information to hide or show?
If (big IF because you haven't said why you cannot use parameters) what you want to do is possible then you are going to have to
1. Create separate folders for each class of user.
2. Set the permissions on those folders so that they can only see their own folder.
3. Put a copy of the report in the folder.
4. Have a hidden parameter which passes the class of user into the report OR
5. Pass in the current windows authenticated user into the report and report on class of user from the windows login.
In answer to your second question - yes - you will need to set up Forms Authentication.

Creating Generic groups for SSRS Report Access

Is there a way to provide generic permissions for users to run reports stored in the Report Manager? I can see how to provide access on an individual user basis via Manage -> Security -> New Role Assignment, by adding the User's Windows login name and assigning them to the Browser role for the report. (Report Manager already knows the domain name).
However, we don't want to be continually having to manage this for each new user. I want anyone under that domain name to have access without needing to configure it. I had hoped that just adding the domain name as a 'user' to the Browser role for that report would do it, but to no avail.
You can add any domain group that has been set up, not just individual users, or you can simply add all domain users, i.e. MYDOMAIN\Domain Users to the Browser role, which seems to be what you're after.
However, I would recommend creating a generic user group like MYDOMAIN\SSRSReportUsers or something like that and adding this group to the browser role instead of MYDOMAIN\Domain Users, as adding all users to the Report Server seems like it doesn't give you many options to manage this in any sort of granular way.

Run a report for all possible input parameter values

I have an SSRS project made up of various reports and subreports, and when I preview it I simply select the parameter (unique ID) and it creates a report for this ID.
The parameter drop down is a list of about 100 different IDs and I just want to know how I can just make it create all 100 reports. I only know how to preview one at a time.
Do I need to set up a report server or something?
There are many ways to go about it. You don't provide much context or detail about your situation, but in general here are two options:
1. Create a master report that has a dataset with all 100 IDs. Include a subreport (your actual report) inside a list and pass each ID as a parameter.
2. Deploy the report to a report server and use data driven subscriptions.
3. Programmatically generate the reports, for example by pulling a report from a report server for each ID, possibly via the web service endpoint or report server URLs.

SSRS report subscriptions cannot be created

I am not able to create subscriptions for SSRS reports as it gives the following error:
Subscriptions cannot be created because the credentials used to run the report are not stored, or if a linked report, the link is no longer valid.
My setup is as follows:
ServerA - Database Server
ServerB - Report Server
MachineC - Internet explorer to view the reports
So I am viewing reports on Machine C, IE, and ServerB connects to ServerA for Datasource.
The problem sounds like the report expects the user to provide credentials when it is viewed. When you create a subscription, it does not have the credentials to execute the report.
Go to the report, click the properties tab, then choose Data Sources in the left pane.
Are you using a shared data source? Is it using Windows integrated security? If so, can you change it to use a service account made just to run these reports? You may need to view these properties by viewing the data source itself.
If it is a custom data source, is the option "Credentials supplied by the user running the report" selected? If so, can you change it to "Credentials stored securely in the report server"?
Either way, if you want to set up a subscription, I have made it work by providing credentials in the data source rather than have the user input them.
If you are worried about security, I would suggest managing that on the report level rather than the data source level.
What the error does not make clear is that, in order to be able to subscribe to a report, not only must the data source be set to "Credentials stored securely in the report server"; you must also not select the option "Impersonate the authenticated user after a connection has been made to the data source".
The way I did it was to create a new data source in the report builder and explicitly provide the username and password to be used there.
Then I used that username and password with the new data source with the report and voilà, it worked.
I faced the same issue as you, and I found its solution; as #richard said already, it is related to the credentials of the data source you use for your deployed report.
To resolve it, follow these steps:
1. Right-click on the shared data source which you use in your deployed report.
2. Click on the Edit button.
3. A new window will open; click on Credential in the left pane, select "Use this user name and password", then click OK.
4. Check the "Save these credential" option you get on the previous screen.
5. Test the connection and, if it succeeds, click OK and deploy your project on the report server.
For reference, please look at the screenshot given below:
Thanks.

SSRS: Displaying User specific data on a report

On SQL Server Reporting Services, I have the below requirement for a report:
1. Users are authenticated for Reporting using Active Directory (Windows domain accounts).
2. We have a custom authentication DB, and the data that should appear on the report is related to users in this authentication DB.
3. Need to generate a report that lists sales data for all the stores, and "all data" should only be available to "Admin" users.
4. For "Non Admin" users, the same report should only display sales data for the single store that they are associated with (not the whole list of sales data for all stores).
5. The "Admin" and "Non Admin" user categories are defined in the custom authentication DB.
Really appreciate if someone could give me the directions on what approaches I should follow.
Please let me know if I should further clarify my requirements.
Thanks.
In SSRS you can access the User ID (=User!UserID). Set this up as an internal parameter for the report, and pass this into your dataset queries as a parameter.
Now you can join to your custom permissions table in your dataset queries.
Use a query constructed with this method to populate your parameter drop down for "Store."
Also use the parameter again and double check that the user has permissions in your main query that returns results. This will avoid a user being able to manually specify a store that they don't have permissions for. (Otherwise URL access would allow users access to reports they shouldn't get.)
Let me know if any of this isn't making sense.
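
The User!UserID filtering described in the answers above, as an added example that is not part of the original posts: Python's sqlite3 stands in for the report's data source, `:user_id` stands in for the value of User!UserID, and all table, column and account names are constructed. It shows the dropdown dataset and the main dataset both joining to the permissions table, beside a main query that trusts the store parameter alone.

```python
import sqlite3

ALICE, BOB = "CORP\\alice", "CORP\\bob"   # constructed DOMAIN\userid values

def make_db():
    """In-memory stand-in for the custom permissions DB (constructed schema and rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE AppUser (WindowsLogin TEXT PRIMARY KEY, IsAdmin INTEGER, StoreId INTEGER);
        CREATE TABLE Store (StoreId INTEGER PRIMARY KEY, StoreName TEXT);
        CREATE TABLE Sales (StoreId INTEGER, Amount INTEGER);
        INSERT INTO Store VALUES (1, 'North'), (2, 'South');
        INSERT INTO Sales VALUES (1, 100), (1, 50), (2, 70);
    """)
    db.executemany("INSERT INTO AppUser VALUES (?, ?, ?)",
                   [(ALICE, 1, None), (BOB, 0, 2)])
    return db

# Dataset behind the "Store" dropdown: only stores the caller may see.
STORE_CHOICES = """
    SELECT s.StoreId, s.StoreName
    FROM Store s
    JOIN AppUser u ON u.WindowsLogin = :user_id
    WHERE u.IsAdmin = 1 OR u.StoreId = s.StoreId
    ORDER BY s.StoreId"""

# Main dataset: repeats the permission join, so a store id supplied outside
# the dropdown (for example in the report URL) returns no rows.
SALES_CHECKED = """
    SELECT s.StoreId, SUM(s.Amount)
    FROM Sales s
    JOIN AppUser u ON u.WindowsLogin = :user_id
    WHERE s.StoreId = :store_id AND (u.IsAdmin = 1 OR u.StoreId = s.StoreId)
    GROUP BY s.StoreId"""

# Main dataset that trusts the parameter alone (the gap the answer warns about).
SALES_UNCHECKED = """
    SELECT StoreId, SUM(Amount) FROM Sales
    WHERE StoreId = :store_id GROUP BY StoreId"""

def store_choices(db, user_id):
    return db.execute(STORE_CHOICES, {"user_id": user_id}).fetchall()

def sales(db, user_id, store_id, checked=True):
    query = SALES_CHECKED if checked else SALES_UNCHECKED
    return db.execute(query, {"user_id": user_id, "store_id": store_id}).fetchall()
```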