I want to create web service with forms authentication in SSRS and then use it to view reports retrieving data from SSAS cube. Is it possible to, after successfull logon, pass identical user's forms authentication credentials, to SSAS server so with one credentials user is authenticated in two servers? If yes, how I can achieve this task?
I'm using SQL Server 2012.
No, because SSAS doesn't alow any form of autentication other than windows authentication. You can definetly connect to SSRS using forms (and by forms I mean a SQL Server user) but then, from SSRS on, you must use a AD user on your SSRS data source to connect to SSAS.
Related
How can I implement Anonymous Access for Reporting Service with SQL 2012?
Why on earth would you want to allow anonymous access to your report server in (I assume) a production environment.
If by 'anonymous access' you simply mean that want all users in your domain to be able to access the reports you publish to the report server (I'd think about this also - obviously I don't know where you work or what reports you are producing, but do you really want very junior staff seeing profit/loss accounts for example?) I suggest you start by reading the documentation here.
For my company there is a report that ends up in an access database format (.accdb) when it gets to my department. We want to deploy an SSRS with this information. While I was able to do it in Visual Studio the database manager questioned whether this can actually be deployed and work in the server environment. Can this this be achieved?
Are you talking about an Access report, or data inside of Access?
SQL server reports are not built in Access and have absolute nothing to do with Access. The only issue would be then since the report cannot be built in Access, then why attempt to have SQL server open an accDB file for the data source? You would be much better off to simply have Access transfer the table data to SQL server and then continue to use the reports built in SQL server.
So a report in Access has ZERO relationship to SQL server reports. As such, the reports in Access are of no use and if your plan is to use SSRS, then the reports have to be built in SSRS.
It is possible to place an Access accDB data file on the server and have SQL server connect such data, but it generally does not allow or work well with multiple users.
Keep in mind, the reverse is certainly possible and often recommended. You place and keep all data on SQL server tables. You then link the Access application to SQL server. In this setup then the data ALWAYS resides on SQL server, but the reports are in Access. And the general forms etc. built in Access will save + send their data to SQL server (and this works without having to write code).
The above thus suggests that the Access application with the reports has to be distributed to users that need such reports. And such users will thus all share only ONE copy of the data since such data resides on SQL server. And this setup would also allow one to create reports in SSRS without having to upload any kind of data, since the live operating data from the Access application always resides on SQL server.
So in summary:
Access reports are Access reports, just like FoxPro reports are FoxPro reports, and FileMaker reports are FileMaker reports. As such, these reports cannot be used, viewed, or utilized by SQL server in anyway.
However, the reverse is not only possible, but is a common solution. Thus the Access (front end) is linked to SQL server and the data tables for forms, code, reports etc. for the Access application now resides on SQL server.
If you place the actual accDB data file from Access ON the SQL server, then SQL server can read the data, but any code, forms, reports etc. from Access cannot be used by SQL server. So a report in Access is of ZERO use to SSRS.
So if SSRS is a goal, then anything built in Access from a user interface point of view cannot be used. SSRS thus can only consume the data in tables.
Since SSRS can ONLY consume data from Access (and nothing else), then a far better solution in place of moving up a accDB file to the server is to simply push up the data from Access tables to a SQL server tables. And if such a data transfer is to occur often, then likely better is to ALWAYS keep the tables and data in SQL server, and have the Access front end part “link” to the data on SQL server. Access reports, forms and even VBA code will in most cases run as before, but the live data always resides in SQL server. You thus eliminate all the dance and song of attempting to transfer data between two systems. The SQL server data is thus always “live” and update to date, and only ONE copy of the table data EVER exists.
Most Access applications and reports and forms can work with very few (if any) modifications when you place the data tables on SQL server, and have the front end Access part “link” to SQL server.
Since a given specialized report in SSRS is going to require a pre-determined and non changing table structure, then the most prudent solution would be to have Access link to and use the data from SQL server tables (not the other way around).
So Access reports can ONLY be used by those with Access (or the free runtime) installed on each client desktop computer. Such Access reports have to be 100% re-built if your goal is to have such reports be used with SSRS.
I have my application created on VB.NET using SQL server 2008 R2. We have used crystal report for our data to view extensively. We have used connectionInfo interface class to build trusted and sometime non-trusted connection based on input to display data from SQL. We have newly implemented Database application role in our application to limit the access of user to the DB level. How can we implement Database application Role in case of Crystal Report while working with connectionInfo.
Thanks in advance looking forward to have positive response.
Regards,
Salman Momin
See the first google response: http://technet.microsoft.com/en-us/library/ms190998.aspx
You call/submit sp_setapprole with the application password from your VB.Net application.
I'm currently using Reporting Services from SQL Server 2012. I know that one of the most common possibility to access reports is to use web server from SSRS itself with its web service. My question is: do we have other possibilities to access these reports, like from our own web page on our own server e.g. IIS or Apache? And do we still need this web server integrated with SSRS?
Sounds like you are looking for this document specifying methods applications can use SSRS. It provides links on how you can implement three methods of server access:
Using the web service
the ReportViewer control
URL access.
URL access can be very easy to implement, you can get the resulting report as a stream and pass it on to the client, save it, display it, &c.
Note that even Report Manager is built using these methods.
There are two methods to access the reports : either from the SSRS web server or from SharePoint.
Note that you can always create a web application that pulls the report list from SSRS and display those reports as you wish by using the SSRS web services.
I am developing SQL Server Reporting Services (SSRS) reports on SQL Server 2008 R2 and using Report Manager as a method to demonstrate and test reports. I am looking for a way to allow users of the same domain to connect to the Report Manager and run reports via a browser (not SharePoint) without letting the user have too much access to the data source. I currently have each user listed as db_owner for the database that the datasets and data source are associated with. I would like to limit this access and I have tried db_datareader but this level does not allow the user to run the reports and gives the user this error: “Cannot create a connection to data source 'DBname'. (rsErrorOpeningConnection)”.
My method of adding a user to The Report Manager site: I select the ‘Security’ tab under ‘Site Settings’ and then select ‘New Role Assignment’ adding the user as a ‘System User’. I then select ‘Folder Settings’ on the toolbar and again select ‘New Role Assignment’ adding the user as a ‘Browser’. I have tried adding a user as a ‘Content Manager’ but they still have the same error when it comes to the data source.
My method of adding a user to the data source: select new login from the Security tab for the server, add domain\username to ‘Login name:’, use Windows authentication and change the default database from master to the database that is the reports data source. I then select ‘User Mapping’ and put a check next to the database that is the data source. In the ‘Database role membership for: DBname’ section I choose db_owner and public is already selected. I have included screenshots below.
My question is what ‘Database role membership’ can I use for SSRS and Report Manager that would not be as broad as db_owner and would have the best security? I have tried db_datareader but then the user cannot connect to the data source when they run the report.
I have researched this question but I have not found any details accept for adding the user as a db_owner as I described. MSDN acts as if the settings in Report Manager are all that you need to set for the user/report to have access to the data source. I have tried only using the Report Manager settings with both settings for a data source, shared and imbedded with no luck.
Thank you in advance
Typically, the data sources in SSRS will be set to use a fixed account, either a Windows account or SQL authentication. This account should be given minimal privileges to the database: db_datareader is common.
Then security to the report is controlled through Report Manager as you describe above. this avoids the need for changing security on the database itself with changes in user permissions.
But the approach you describe above should work as well. The error you see when the user has db_datareader access is surprising if your query is a standard SQL query selecting from tables. If you are using Stored Procedures, you need to grant access to those as well. Use a test user account that is set to db_datareader; see if you can connect and execute your query through SQL Server Management Studio.
Depending on your security requirements, I would use a dedicated account for database access from the reports, say "ReportReader." Develop and test your reports accessing the databases as this user, and make sure the user has minimal access, read-only and/or limited to only the tables or procedures they need to execute.
The credentials used to access the database are set in the properties of the datasource. This is one reason that Shared datasources are often used, and the reports are linked to the shared datasources:
The screenshot shows a SQL server authenticated account in use. This could just as easily be a fixed Active Directory account; check the "Use as Windows credentials when..." in that case.