I am new to SSRS 2008 and I have ran into an interesting issue and it has me scratching my head. It seems to be applying the roles but it lets a user that is in none of the Reporting roles change site settings. I have searched configuration files and cannot find out where this can be changed. I know there are System Roles and Report Roles but where is the application security actually being controlled since it is not being set by IIS anymore. I looked in the configuration files but nothing stood out to me. Where do I go in SQL Server Reporting Services 2008 to lock the application down to only users that are assigned to roles?
views:
148answers:
1
A:
I only have a 2005 instance handy, but I would suggest connect Report Services instance in SSMS, Right click "Home" and choose properties. This (at least on 2005) contains a user to role mapping. See if there are any groups/users listed there that have inappropriate role assignment.
cmsjr
2009-08-06 20:24:50