Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 Development Tools
 Reporting Services Development
 Security Question for viewing reports

Author  Topic 

mru22
Starting Member

2 Posts
Posted - 2006-11-28 : 16:00:19
I have installed SSRS for SQL Server 2005 and have Integrated Authentication as the only option when I look under IIS Security. I have disabled the Guest account but users are still able to URL hack to my reports such as http://servername/reports.

When I am in the report manager and look at properties I only have the builtin/administrators.

This is internal but I want to block out users from being able to access via url.

Is there another setting i need to check or disable to prevent this from happening?

Thanks,

ditch
Master Smack Fu Yak Hacker

1466 Posts
Posted - 2006-11-29 : 04:21:25
Go to http://servername/reports - then click on the properties tab and then click on security and set up all permissions there.
This can also be done at the subfolders level on the report server, but remember that all permissions are inherited from the higher level folders and you only need to set permissions on the lower level folders if you want to overide the inheritted permission for that folder.


Duane.
Go to Top of Page

mru22
Starting Member

2 Posts
Posted - 2006-11-29 : 09:23:03
Ok when I go to http://localhost/reports I click on properties and then the Security tab. The only Role assignment is BUILTIN\Administrators I have no other roles. When I click on Site Settings I have UNCHECKED Enable My Reports to Support user-owned folders for publishing and running personalized reports.

When I click on Configure Site Wide Security, I have selected System Administrator as the only role assigned to the BuiltIN\Administrators.

I also navigated to the ReportManager folder to see what users/groups where on the Security Tab. I initially had Everyone and I removed that and now all I have is Administrators.

When I do that I cannont access the report manager. Do you know what other users group I should include in the security properties without giving everyone else access to the ReportManager Url ?

Thanks,
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site