Managing permissions in SQL Server Reporting Services

Because much of a company's data is sensitive and should not be seen by everyone, data protection is a priority. In this tip, we will cover the SSRS security model and talk about how you can leverage it to lock down your SSRS environment.

Overview

Site-level security in Reporting Services 2005

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server Business Intelligence (BI) and Data Warehousing Ensuring high availability of SSAS databases Building a data warehousing and BI solution An overview of SQL Server Report Builder 2.0 An introduction to SQL Server data warehousing concepts Sharing SSAS cube data in SharePoint with PerformancePoint Server 2007 Microsoft SQL Server Integration Services primer A short history of SQL Server Integration Services SQL Server Reporting Services Fast Guide New data profiling tools in SQL Server 2008 Utilize SSAS for data predictions and classification using Excel SQL Server Security The keys to database backup protection for SQL Server Understanding transparent data encryption in SQL Server 2008 The fine line between not encrypting your databases and breach notification Securing SQL Server with access control, login monitoring and DDL triggers SQL Server security: Controlling access via database roles Implementing security audit in SQL Server 2008 New security features in SQL Server 2008 leave some work for you Can I encrypt and restore a database backup in SQL Server 2005? FAQ: How to troubleshoot and grant SQL Server permissions Secure SQL Server from SQL injection attacks Microsoft SQL Server 2005 (Yukon) SQL Server Reporting Services Fast Guide SQL Server Service Broker Tutorial and Reference Guide Tips for tuning SQL Server 2005 to improve reporting performance SQL Server consolidation: Why it's an optimization technique Parent-child dimensions in SQL Server 2005 with Analysis Services MDX Enforcing data integrity in a SQL Server database SSIS error message due to installation problem on SQL Server 2005 Should you upgrade to SQL Server 2005 or SQL Server 2008? Basics for working with DATETIME and SMALLDATETIME in SQL Server 2005 How to configure Database Mail in SQL Server 2005 to send mail Microsoft SQL Server 2005 (Yukon) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data aggregation  (SearchSQLServer.com) data preprocessing  (SearchSQLServer.com) data warehouse  (SearchSQLServer.com) FileMaker  (SearchSQLServer.com) GIS  (SearchSQLServer.com) MOLAP  (SearchSQLServer.com) pivot table  (SearchSQLServer.com) Quiz: SQL Server 2000  (SearchSQLServer.com) SQL  (SearchSQLServer.com) T-SQL  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

-level role. There are two built in system-level roles when you install SQL Server Reporting Services.

Take a look at the screenshot below. To create new roles, click Site Settings in the top right corner of the Report Browser and then select Configure system-level role definitions under Security. This will open the System Roles page: To create a new role, click the New Role button. This will open the New System Role page, shown in the screenshot. All you have to do now is name the role, give it a description, and then select all the tasks you want this role to be able to perform. When you're done, click OK.

To assign users to this newly created role, go back to the site settings screen and select Configure Site-wide Security. This will open the System Role Assignments screen and you can simply click New Role Assignment to add new Windows users or groups to one of your SSRS system-level roles.

Item-level security in Reporting Services 2005

As with system-level roles, there are some built-in item-level roles you can use when assigning permissions in this area of SQL Server Reporting Services. If these roles aren't enough, you can build additional roles and assign users any combination of the item-level tasks we just looked at. The built-in item-level roles are as follows:

Now, let's get down to the details. To manage these roles, you have several options. Item-level security can be applied to a folder, report, data source or resource. To give SQL Server users permission to an item, you need to open that item and view its security properties. When you add a user, you also have to assign a user to a role for that item. In the case of folders, the role a user is assigned at the top-level folder will, by default, be inherited by other items inside that folder. You do have the ability to override security on a lower-level folder of item-level security.

At this point, the security of your SSRS server is entirely up to you. You can create different folders for each department and assign only employees in that department with access to that folder. Within each department folder, I like to create an additional folder for sensitive reports and further lock that folder down to the appropriate users. Take some time and really plan out how your reports will be placed on the server and how you want the security to look. When using SQL Server Reporting Services, there is no reason that all of your reports, regardless of sensitivity, can't be stored in a single report server.

[TABLE]

Rate this Tip To rate tips, you must be a member of SearchSQLServer.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.