tags:

views:

22

answers:

1
Q: 

How does one secure SQL Server Reporting Services (SSRS)?

I've installed SSRS on my development machine and everything works as expected - except anyone else who is logged on to my domain can view all of the reports by browsing to http://mymachine/reports. I find it a bit strange that the default behaviour is for everyone on the domain to have access to the reports.

  • Am I doing anything wrong here?
  • What are the steps I need to follow to ensure that only I am allowed access to the reports?
  • And what therefore are the implications for my ASP.NET application that has to access the reports using the ReportViewer control?

On the Report Manager site (http://mymachine/reports > Properties > Security) I see only one group or user - MYDOMAIN\myusername, with all of the possible roles (Browser, Content Manager, My Reports, Publisher, Report Builder).

Any ideas?

EDIT: @davidsleeps : I'm using SSRS 2008 on my dev machine, with SSRS 2005 in production, unfortunately. I thought the security methods would have been transferrable between the two.

+1  A: 

For the report manager (2005)
IF your machine is on the domain, you should be able to find the "Reports Manager" directory where it is installed and set permissions on the folder. You can use that to prevent other users from accessing http://mymachine/reports

I think the default path to that is something like:

C:\Program Files\Microsoft SQL Server\MSSQL.X\Reporting Services\ReportManager

But you can just open up IIS and check what the Virtual Path is...

For the reports
I'm not sure of the easiest way, but you can set the permissions on your reports and create an account which your ReportViewer control can use which has access to the reports. In your asp.net web app (or whatever) you can then pass the credentials through.

davidsleeps  2010-08-20 03:52:18
Depends what version of SSRS he's using, SSRS 2008 doesn't use IIS.
MrEdmundo  2010-08-20 10:05:29
Very true...I'll add that
davidsleeps  2010-08-20 10:33:10

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?