I am trying to implement forms authentication in reporting services and I
would like to use the report manager for rendering reports. What I don't
want to use is the built-in tools for item level and system level security.
Is there a way to get information as to which item is being accessed in the
Getpermissions and CheckAccess function so I can check my custom database for
authorization?Brent,
I don't think you need to know the item accessed because the CheckAccess
overload is scoped at an item level. In other words, if the user tries to
run a report A, the Report Server will pass the security descriptor for
report A only. The job of the security extension is to find out if the user
has rights to carry the action by examing the security descriptor. Any yes,
you can use application-defined role membership policies to simplify the
user maintanance.
I have a two-part article in the works for the SQL Magazine which discusses
Forms Authentication in detail. It should be out in January-February issues
I think.
--
Hope this helps.
---
Teo Lachev, MVP [SQL Server], MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
---
"Brent Slezak" <Brent Slezak@.discussions.microsoft.com> wrote in message
news:4614209E-953D-4A4B-B2BD-96EFE79FFDAC@.microsoft.com...
> I am trying to implement forms authentication in reporting services and I
> would like to use the report manager for rendering reports. What I don't
> want to use is the built-in tools for item level and system level
security.
> Is there a way to get information as to which item is being accessed in
the
> Getpermissions and CheckAccess function so I can check my custom database
for
> authorization?|||Teo,
First of all, I want to thank you for your prompt response to my question
and I will be looking for that article when it comes out.
Let me go into further detail as to the situation with the reporting
services and how I would like to use them. I currrently have a proprietary
security system setup for my enterprise-scale application that manages
thousands of users and groups and tens of thousands of roles. I don't want to
have to re-define that information in the ReportSErver database. Actually I
would like it if I had absolutly no security definition at all in the
ReportServer database. That being said. How would I get the unique
identifier of the object (i.e. report,folder,datasource) being accessed so
that I can cross-reference MyDatabase1 for security access.
In a nutshell I want to be able to use the report manager for the report
rendering and not for managing role-based security. I think building our own
custom rendering UI is the only logical alternative.
Please let me know what you would consider the best option with this scenario.
Thank you in advance for your input.
Brent
"Teo Lachev [MVP]" wrote:
> Brent,
> I don't think you need to know the item accessed because the CheckAccess
> overload is scoped at an item level. In other words, if the user tries to
> run a report A, the Report Server will pass the security descriptor for
> report A only. The job of the security extension is to find out if the user
> has rights to carry the action by examing the security descriptor. Any yes,
> you can use application-defined role membership policies to simplify the
> user maintanance.
> I have a two-part article in the works for the SQL Magazine which discusses
> Forms Authentication in detail. It should be out in January-February issues
> I think.
> --
> Hope this helps.
> ---
> Teo Lachev, MVP [SQL Server], MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> Publisher website: http://www.manning.com/lachev
> Buy it from Amazon.com: http://shrinkster.com/eq
> Home page and blog: http://www.prologika.com/
> ---
> "Brent Slezak" <Brent Slezak@.discussions.microsoft.com> wrote in message
> news:4614209E-953D-4A4B-B2BD-96EFE79FFDAC@.microsoft.com...
> > I am trying to implement forms authentication in reporting services and I
> > would like to use the report manager for rendering reports. What I don't
> > want to use is the built-in tools for item level and system level
> security.
> >
> > Is there a way to get information as to which item is being accessed in
> the
> > Getpermissions and CheckAccess function so I can check my custom database
> for
> > authorization?
>
>|||Brent,
I understand your scenario now. Of course, assuming that the reports will
be rendered on the server side of the application you don't have an issue
since you have an application front end. This is similar to the security
scenario I describe in Chapter 13 of my book.
However, the real problem is with URL addressability and custom security
extension. One approach that may be appropriate in your case is to get the
report path from the URL request. This could be similar to the approach I
describe in the following thread
http://groups.google.com/groups?q=Disable+Hyperlink+in+EXCEL&hl=en&lr=&selm=%23VCcwuh1EHA.1264%40TK2MSFTNGP12.phx.gbl&rnum=1
Once you get the report path, you can get the report identifier (the primary
key in table Catalgo) which is what you may want to use in your custom
security infrastructure.
--
Hope this helps.
---
Teo Lachev, MVP [SQL Server], MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
---
"Brent Slezak" <BrentSlezak@.discussions.microsoft.com> wrote in message
news:3741B21F-0963-457F-8EC6-A1F6403CB514@.microsoft.com...
> Teo,
> First of all, I want to thank you for your prompt response to my question
> and I will be looking for that article when it comes out.
> Let me go into further detail as to the situation with the reporting
> services and how I would like to use them. I currrently have a
proprietary
> security system setup for my enterprise-scale application that manages
> thousands of users and groups and tens of thousands of roles. I don't want
to
> have to re-define that information in the ReportSErver database. Actually
I
> would like it if I had absolutly no security definition at all in the
> ReportServer database. That being said. How would I get the unique
> identifier of the object (i.e. report,folder,datasource) being accessed so
> that I can cross-reference MyDatabase1 for security access.
> In a nutshell I want to be able to use the report manager for the report
> rendering and not for managing role-based security. I think building our
own
> custom rendering UI is the only logical alternative.
> Please let me know what you would consider the best option with this
scenario.
> Thank you in advance for your input.
> Brent
> "Teo Lachev [MVP]" wrote:
> > Brent,
> >
> > I don't think you need to know the item accessed because the CheckAccess
> > overload is scoped at an item level. In other words, if the user tries
to
> > run a report A, the Report Server will pass the security descriptor for
> > report A only. The job of the security extension is to find out if the
user
> > has rights to carry the action by examing the security descriptor. Any
yes,
> > you can use application-defined role membership policies to simplify the
> > user maintanance.
> >
> > I have a two-part article in the works for the SQL Magazine which
discusses
> > Forms Authentication in detail. It should be out in January-February
issues
> > I think.
> >
> > --
> > Hope this helps.
> >
> > ---
> > Teo Lachev, MVP [SQL Server], MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > Publisher website: http://www.manning.com/lachev
> > Buy it from Amazon.com: http://shrinkster.com/eq
> > Home page and blog: http://www.prologika.com/
> > ---
> >
> > "Brent Slezak" <Brent Slezak@.discussions.microsoft.com> wrote in message
> > news:4614209E-953D-4A4B-B2BD-96EFE79FFDAC@.microsoft.com...
> > > I am trying to implement forms authentication in reporting services
and I
> > > would like to use the report manager for rendering reports. What I
don't
> > > want to use is the built-in tools for item level and system level
> > security.
> > >
> > > Is there a way to get information as to which item is being accessed
in
> > the
> > > Getpermissions and CheckAccess function so I can check my custom
database
> > for
> > > authorization?
> >
> >
> >
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment