Contect Management

Last Post 24 Mar 2004 07:40 PM by dmcdowell. 1 Replies.
AddThis - Bookmarking and Sharing Button
Author Messages
bigelectricmac
New Member
New Member

--
18 Mar 2004 11:29 AM
Just installed RS and I'm not sure the security content management is strong enough - or more likely I'm missing something.

I need to set it up so that each of my users may belong to one or more groups. I need to give these groups access to a particular set of reports. I'm not sure how in the Report manager to set this up - it seems weak.

There is no place to create user groups - so I guess I should use either local groups on the box or Active Directory groups... Then I assign a folder (or single report) with browser rights to the group....??

If my deployment grows fairly big, there doesn't appear to be a way to say "Show me all the reports this user (or this group) gets..."

Have you found any good whitepapaers on setting up the contect security model for Reporting Services?

Glenn
dmcdowell
New Member
New Member

--
24 Mar 2004 07:40 PM
The Best Practices Group is working on guides in this arena, Microsoft has been more concerned about getting the product shipped with as few bugs as possible...

From experience, I will offer these CM suggestions:
~ Use AD Groups... if you build a RS web farm later local groups will have you cornered.
~ Avoid Report-level security and leverage parent inherited security settings for container objects (folders) where possible.
~ You may want to set up seperate container objects for each of your AD Groups or the parent level to an AD Group hierarchy.
~ If it is easier from a managment standpoint to centrally locate an RDL file and use linked reports (they work for non-parameterized reports too) to offer it out to different security-managed container objects... avoid making two copies of an RDL file solely for security level assignments.


Acceptable Use Policy
---