I am trying to create a data driven subscription for a report that uses #UserID to filter the results (for security purposes). The solution I've seen referenced as the answer to several similar questions is a broken link.
We'd like to have a version that a user can access online as well as the subscription report that is emailed. Is there any way to do this without having two versions of the report (one with userID and one without)?
We have developed a solution that allows the same report to be used for live access as well as data-driven subscriptions (DDS). It is based on the concept found at the link provided by djphatic
To start, we return the #User value using custom code added to the report, instead of the User!UserID function which will make the DDS choke. The code is similar to the Prologika solution, but I found it at another online source--my apologies for not remembering where I found it. The code is:
Public Function GetHashedUser()
Try
Return Report.User!UserID
Catch
Return " "
End Try
End Function
For the user parameter default value we use:
=Code.GetHashedUser()
This returns the User!UserID if the report is being run live.
The data-driven subscription needs to have the user and other parameters passed using the query for the subscription. Since any parameters passed this way will be visible in the URL, we use a hashed version of the userID (called the userkey). The userkey corresponds to a value in our security table and can identify the user and their associated permissions. We don't encrypt the other filters, since they are based on the user and are used for drill-downs.
Please see the link below. I've not tested this myself but I've seen this solution mentioned before.
http://prologika.com/CS/blogs/blog/archive/2011/03/28/data-driven-subscriptions-and-row-level-security.aspx
Related
this question has been posed in many flavours, but no one fits my needs.
I'm working on a partially complete Razor project; the original developer has left our office, and he wasn't much concerned about securing password fields, as he left all of them in clear.
These passowrd fields authorize several aspects (Ftp primary and secondary access, Ftp on AS400 and mail sending), so nothing related with login/submit forms. When I changed these fields from text to password, they revert to blank fields, regardless the content of the View Model, and this should be the correct behaviour, as per the numerous answers I've seen googlin around.
My problem is this: the user needs to know at least if a password has been configured (seeing a string of * or any other mask character the browser use), so I need to show him that value to let him know if the service is configured, and the best would be to let him also reveal the password to check if it's correct. The option to not update the particular field in the DB if it's left blank is not an option.
This site works only on Intranet, so there is no concern about hackers monitoring the connection or similar.
I've tried all (I think) the possible combinations, including building the input element manually through html, using the #Html.TextFor and #Html.PasswordFor helpers, decorating the corrisponding member in the view model with [DataType(DataType.Password)]. The data is binded when the page is loaded, so no ajax calls help me retrieving data.
I'm relatively new to Razor, as my last two projects are entirely in PHP.
Thanks for any suggestions.
Ok, no other solution found than issuing an ajax call to a dedicated HttpGet controller method to retrieve only the password fiels, then populating the dedicated fields when the controller returns the object containing all the password I need.
I published my first report on Reporting server and I've tried to set a cache plan and I have the error
cache refresh plans cannot be created or edited because the associated
item has user profile dependencies
Any suggestions?
After hours of search I've found the problem was that the report contents the had a reference a the user profile property (as said the message) User!Language in a DataSet. For resolve I added a custom code that return the value runtime and replace the property with expression
"=Code.GetLanguage()".
Funtion GetLanguage() as String
return System.Threading.Thread.CurrentThread.CurrentCulture.Name
End Function
Of course the problem occurs for any the user profile property (User!XXX)
I have a custom permission model for my project and I'm not using django's default permissions backend. I have a custom has_permission template tag to check if the user has the specified permission or not.
The problem is that there's lots of queries done for the same checks every time, I'm looking for a way to reduce my Permission queries. What I'm doing inside my templates is like :
{% if user|has_permission:'jpermission.can_edit_jpermission' or
user|has_permission:'jgroup.can_edit_jgroup' or
user|has_permission:'role.can_edit_role' %}
and the code for has_permission template tag is as follows :
rep = perm_name.split('.') # rep is for e.g. "jpermission.can_edit_jpermission"
ctn_type = rep[0]
codename = rep[1]
pr = JPermission.objects.filter(model_name=ctn_type, codename=codename)
if pr.exists():
if user.has_perm(pr[0]):
return True
Specifically talking, the problem is that every time i check even for the exactly same if statements, lots of queries are made (from what I'm doing, it's obvious there will be).
Is there any other way i can go at it ? like query all permissions once, cache them, and do something like how prefetch_related is handled to prohibit further db queries (python filtering with loops and ... ) ?
P.S: has_perm is also overridden and checks if users role, group or permissions have the specified permission or not)
There are multiple solutions for this.
Move permissions to user model as methods of model and use cached_property decorator so that consecutive calls to methods does not hit database again.
Store the permissions state in session when user logged in, and later use session data to check for permissions.
It looks like you are using django-guardian, and it is already caching the permissions:
Once checked for single object, permissions are stored and we don’t
hit database again if another check is called for this object. This is
great for templates, views or other request based checks (assuming we
don’t have hundreds of permissions on a single object as we fetch all
permissions for checked object).
First time using SQL Server 2008 this morning.
I am trying to find a user defined function that I created. I cannot locate it in the "Programmability>Functions" branch of the object explorer. Here is what that branch looks like:
There do not seem to be any "user defined functions" and I don't know if any of the particular branches should house that. I have been granted database owner rights to the database, so I don't believe it is a permissions issue...
I was able to retrieve the full text of the function using the 'EXEC sp_HelpText 'someUserDefinedFunction'' that was listed in this thread about finding user defined functions. That thread did not provide enough information for me to locate my function in object explorer or edit my function again using SMSS. Please see the full screenshot of my SQL Server 2008 Management Studio instance with the return from the sp_HelpText query for additional context.
The function works just fine when it is called. I retrieved this function from this thread about splitting delimited text.
I am hoping to find a location in the interface that displays all the user defined functions!
There is no "user defined functions" menu in SSMS. All functions except system are user defined. Based on return type you will find your function in "Table-valued", "Scalar-valued", or "Aggregate" (the latest is not really different from "Scalar-valued" in terms of return type though, but it can be used for aggregation). In your case check "Table-valued"
I have a need to determine what security group(s) a user is a member of from within a SQL Server Reporting Services report. Access to the report will be driven by membership to one of two groups: 'report_name_summary' and 'report_name_detail'. Once the user is executing the report, we want to be able to use their membership (or lack of membership) in the 'report_name_detail' group to determine whether or not a "drill down" should be allowed.
I don't know of any way out of the box to access the current user's AD security group membership, but am open to any suggestions for being able to access this info from within the report.
You can add custom code to a report. This link has some examples.
Theoretically, you should be able to write some code like this, and then use the return value to show/hide what you want. You may have permissions problems with this method, though.
Public Function ShouldReportBeHidden() As Boolean
Dim Principal As New System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent())
If (Principal.IsInRole("MyADGroup")) Then
Return False
Else
Return True
End If
End Function
Alternatively, you could add your detail report as a subreport of your summary report. Then you could use the security functionality built in to SSRS to restrict access to your sub report.
In Reporting Services just use :
Public Function IsMemberOfGroup() As Boolean
If System.Threading.Thread.CurrentPrincipal.IsInRole("MyADGroup") Then
Return True
Else
Return False
End If
End Function
as indicated in this posting
Note: This works once the report is deployed to server but not in the IDE.