I am trying to create a TSQL statement or stored procedure that can
tell me what users belong to what group and what groups have access to
what files. Can anyone help? Can I pull out a list of names from
Active Directory to use as my user list?
I have made a server security audit and specify from database audit specification to audit "select" on a certain user and on a certain table. I logged in by this user and made the select statement..when i run this query
"select * from sys.fn_get_audit_file('d:Auditaudit1*',null,null)"
It return a value at which time the query has done
after 15 minutes i repeated the same action, i run the audit query and the same result is showed off on the panel.is it suppose to return a list of values by how many times this user has made the select statement on that table ? for example at 5:00 pm then 6:00 pm and so on
Does anyone know how to programatically add a group/user to Report Server and assign it a role.
View 3 Replies View RelatedHello,
I have a big problem with Reporting Services 2005 working on Windows 2003 Server.
RS work as Network service, on subdomain reporting.mydomain with SSL wildcard certificate *.mydomain,
Anonymous access: disabled and basic authentication: enabled
ReportManager and reportServer has defualt virtual folders (/reporting, /reportserver)
My problem is:
1) I can't manage security roles and site settings with report maanger. when I try assign roles to new user or group I get followng error:
"The user or group name 'BUILTINAdministrators' is not recognized. (rsUnknownUserName) Get Online Help"
when i try to execute reports in report manager, parameters controls are not displayed correctly (very simple text boxes) and I can see:
The selected report is not ready for viewing. The report is still being rendered or a report snapshot is not available. (rsReportNotReady)
and I can't see my report in browser (IE 6.0) but only export to PDF, Excel...
other functionality are working fine i.e upload new files, creatign folders....
2) Also my reportserver virtual folder does not work correctly.
When I navigate to mydomain/reportserver I can see content of this virtual folder, than when I navigate to ReportService.soap i can see normal ReportServer view
reporting.mydomain - /Reportserver/
[To Parent Directory]
Montag, 10. April 2006 16:31 <dir> bin
Dienstag, 6. September 2005 01:12 488278 Catalog.sql
Dienstag, 6. September 2005 01:12 14738 CatalogTempDB.sql
Freitag, 21. April 2006 19:45 10555 Copy of rsreportserver.config
Freitag, 14. April 2006 17:29 76 global.asax
Freitag, 15. Juli 2005 01:12 26582 ModelGenerationRules.smgl
Montag, 10. April 2006 16:31 <dir> Pages
Montag, 10. April 2006 16:31 <dir> ReportBuilder
Montag, 13. Juni 2005 14:07 143 ReportExecution2005.asmx
Montag, 13. Juni 2005 14:06 196337 ReportingServices.wsdl
Montag, 13. Juni 2005 14:07 131 ReportService.asmx
Montag, 13. Juni 2005 14:07 131 ReportService.soap
Montag, 13. Juni 2005 14:07 139 ReportService2005.asmx
Dienstag, 13. Juni 2006 20:01 10580 rsreportserver.config
Montag, 13. Juni 2005 14:07 11845 rssrvpolicy.config
Montag, 10. April 2006 16:31 <dir> Styles
Freitag, 17. Juni 2005 01:09 2673 web.config
but me reports are not displayed correctly, I can run reports but top bar with parameters, export and print function are not displayed in correct format.
(simple textboxes, and icons)
reporting.mydomain/ReportServer - /
Microsoft SQL Server Reporting Services Version 9.00.1399.00
I think it is security issue. What schould i do to solve this problems?
Wojtek
hi,
does anyone know how i can audit a servers login id's and tell the last time it was used. i have just gain about 8 sql servers with a bunch of users that i know are no longer around. so i am trying to trim out dead id's
thanks for any help !!
k ingram
cellstar corp.
A user was created with a limited privilege under the USERS group. Once this user loged in the Report Manager he is acting like an Admin and Content Manager, though he is not given even a browser role.
What do u think that this guy is acting like a Super User evenif he is restricted to a browser role on the Report Manager ????????????
I did all my best, but no luck so far
I need to be able to run a SECURITY audit/report against my Report Servers. I want to be able to see which users have which rights in which folders, etc.
I cannot find any canned report for this (from MS or on Web)
I cannot find data in ReportServer dbase that I can read.
Has anyone done this? How?
Hi All,
I'm an Oracle DBA that has inherited some SQL Server 2000 databases.
Can you audit a particular user in Sql Server 2000. We need to know exactly what a particular user is doing, (i.e. creating/dropping objects, and what data he is accessing)
what is the best way to do this??
Thanks,
Dave
What is the easiest way to find out what objects a security login has mapped to it? Something that would show all the explicit grants a specific user has.
View 6 Replies View RelatedHello all, does anyone know of a SS2005RS user audit program that an administrator can run on a RS server to show which userids have access to folders? I have in mind a pgm that would show:
folder users
Home user01, user02, user03
folderA user01,user02, user05
folderB user02, user06
Is there a pgm available as a download, or does someone have a home-grown pgm whose source they would let out?
Has anyone else faced this need?
Thanks in advance
Hello everyone,
Does anyone know of a quick way to audit all users in a database and display their rights and permissions on a table level. I would hate to have to do it one user at a time. There has to be an easier way.
I'm going through a Sarbanes Oxley audit and need to provide them this information.
I'll try to reproduce this later, but want to report it before I forget.
I just had my package fail on a VM I was testing on. It failed because on that machine, I logged in as MachineNameAdministrator instead of using my domain account (the VM is not in the domain).
This was a problem because the "User Name" column generated by the Audit Transformation was 17 characters long! This is the length of my domain + user name on my development machine. Similarly, the machine name length was 15 characters.
I'd love to know what the "correct" sizes are for these columns. In the meantime, I'm going to set these to 255 manually, and hope the size sticks.
P.S. There was one other post on this topic, though the thread isn't clear that this was the problem: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=472445&SiteID=1.
Building on the thread http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2205669&SiteID=1 which Jessica Moss posted the code below:
Code Block
select u.UserName, c.Path, r.RoleName
from ReportServer.dbo.PolicyUserRole pur
left join ReportServer.dbo.Users u on pur.userID=u.userID
left join ReportServer.dbo.Roles r on pur.roleID=r.roleID
left join ReportServer.dbo.Catalog c on pur.policyID=c.policyID
order by u.UserName, c.Path, r.RoleName
I tried to take it one step further and add a parameter where I could just type in the users Active Directory login id, thus limiting the result set. I also wanted to avoid having to type in the domainnameuserid for each parameter and only wanted to type the userid. So I changed the code (see below) and added a multi-value parameter called users.
Code Block
select u.UserName, c.Path, r.RoleName
from ReportServer$SQL2005DSS.dbo.PolicyUserRole pur
left join ReportServer$SQL2005DSS.dbo.Users u on pur.userID=u.userID
left join ReportServer$SQL2005DSS.dbo.Roles r on pur.roleID=r.roleID
left join ReportServer$SQL2005DSS.dbo.Catalog c on pur.policyID=c.policyID
where u.Username IN('DOMAINNAME' + @Users)
order by u.UserName, c.Path, r.RoleName
Unfortunately, if I type:
Domainnamejblack
Domainnamejdoe
Domainnameefranks
I only get a return for the first userid entered. Any ideas?
Greetings,VWD EE and other Tools do not have problems working O.K. on my machine, when I am logged-on as restricted(limited) user, both environment and local web server are functioning, and it was MS effort to do it right.BUT the Problem is, when I try to connect to database->new DB connection(either through vwd or management studio etc). I get an Error - which should be written to event log (according to msg) but it isn't - that I can't connect. I am sure that it is because NO SQL SERVER2005EXPRESS instance is running, which I think is the only prerequisite to have it work (I do not need sqlbrowser service I am doint local development).SQL2005express service is configured on MANUAL start. I can start it as administrator through SQL config manager, but it is not convienient and what I want. I need to start it ONLY as a developer user, I do not want it to be running all-the-time for everyuser using computer. It was congigured as Network Service logon, I tried Local Service logon, and I even tried configuring it to logon as -my developer user- account, e.g. with limited user name and his password.In every case I can't start the service as member of users group and this developer. Then I added limited user to SQL2005EXPRESS group. Still NO help, won't start either.My question is, If I want to start developing ADO2.NET application and I need to have running SQL2005Express instance as a develper, how can I start it? I think I do not have some rights to masterDB or something. Do it allways need to be running when computer starts? Isn't there any other way, to start it JUST when I think I start developing?I know of user-mode of accessing SQL2005express DBs, but it also assumes that SQL2005Express service is already running, what I am trying to prevent. I do not want to have it running for everyone who uses computer, just for someone who neeeds it.Any help explaining me the right way HOW TO SETUP WORKING ENVIRONMENT when developing as limited user welcome, I read the the documentations and haven't found the answers.THANK YOU !
View 1 Replies View Related1. Does SSRS is J-Sox Compliant, an application must have audit trail feature. For Reporting printing, it should facilitate reports' data logging process.
2. Information like WHO and WHEN printed the report and WHAT data was viewed?
I need help...here is the problem.Last weekend, the servers in our datacenter where moved around. After thismove, and maybe coincidental, 1 server is performing very poor. Afterrunning a trace with SQL Profiler, I saw the problem which was laterconfirmed with another tool for SQL server performance monitoring. It seemsthat all connections to the SQL server (between 200 - 400) are doing a login/ logout for each command that they process. For example, the user'sconnection will login, perform a SELECT, and then logout. This is not a..NET application. The client software was not changed, it is still thesame. The vendor has said that it is not supposed to do that, it issupposed to use 1 connection that log's on in the morning and logs off atthe end of the day or whenever the user exits. 1 user may have severalconnections to the database.At times, the server is processing over 250 login / logouts (avgeraged for30 second period). Has anyone seen this problem? I have the server inAUDIT FAILUREs only. The server has become very unresponsive, things thattook 3 seconds now take over 15 seconds.Any ideas???
View 6 Replies View RelatedI have a report builder drill down report. I have row groups with totals. It looks like the attached. The problem is when the report is not expanded the Grand Totals column is not accurate... it is displaying the totals of one of the rows when expanded.The expression in the Total Show text box is
= Switch (
MID(Fields!protocol_id.Value,1,7)="THERAPY",
Sum(IIF(Fields!status.Value = "CO", CDbl(Fields!TX_CO.Value), Nothing)),
MID(Fields!protocol_id.Value,1,7) = "GENERAL" and MID(Fields!program_id.Value,1,6)
= "INTAKE", Sum(IIF(Fields!status.Value = "CO",
[code]...
Is there any way to not display the expression in the Total columns unless the report is expanded?
Hi,
I have several reports for users to view on our Intranet. After installation of SQL 2005 SP2 patch, I cannot delete user or user's authority from Report in Properties Tab. An error message was shown on the status bar. It indicated that JavaScript Error: 'Return' statement outside of function. Seems something wrong with the 'Delete' funciton in SQL 2005 after update. The other functions worked fine. Could you point me out how to fix it or need to install any updates / hotfix. Thanks a lot!
Regards,
Kenneth Lai
Programmer
Error Pic
Message Box
Hello. I am trying to write a report that pulls information in from Active Directory. I have a view created that gets a listing of users and a view that creates a listing of user groups, but I can't seem to figure out how to get all user groups that are associated with the users. This is what I have.
SELECT TOP 100 PERCENT *
FROM OPENQUERY(ADSI, 'SELECT cn, groupMembershipSAM FROM ''LDAP://wmdomain.local'' WHERE objectcategory=''group''') Rowset_1
SELECT *
FROM OPENQUERY(ADSI,
'SELECT title, displayName, sAMAccountName, givenName, telephoneNumber, facsimileTelephoneNumber, sn
FROM ''LDAP://wmdomain.local''
WHERE objectCategory = ''Person'' AND objectClass = ''user''')
Rowset_1
Let me know if you have any suggestions!
BJ
If I have an NT User created as a SQL login - and an NT Group as a SQL login, and then I revoke access to the Group - can the user still get in...? Should they be able to - since their specific user account is not locked, but the group is....?
I guess the real question is - when using NT Authentication, does security behave like NT - if you are denied one place - you are denied all places...?
Dean
I have done the following and a domain user would not access report created a login to the SQL server to the user (this SQL Server is where data source DB is)went to site setting in Report Manager and made this use a system userright clicked on report folder and made this user in the browser roleeven checked that in the report in question, the user is already in the browser role Still the user would not access the report! "User .......... does not have required permission" is the error message I am getting.
View 6 Replies View RelatedHi,
I have environment that use SSRS 2005 ad hoc reporting.
One of the users (out of 200) is unable to open or save reports in the report builder.
the user succeed to open the report builder, when he try to save report that he build from shema he get error. as well when he try to open an existing report that build in the report builder he also get an error,
On open the error is:
The numeric portion of 2pt cannot be parsed as a unit of the type point.
The Initilizer for 'Microsoft.ReportingServices.Design.Constants' threw an exception
On Save the error is:
System.IO.StreamReader: Deserialization failed: The type initializer for 'Microsoft.ReportingServices.Design.Constants' threw an exception. Line 2, position 2
Please note that I succeed with second user to create ad hoc report on the first user
computer. I also failed to with the first user to create ad hoc on another computer.
It seems like permissions issue
Thanks,
Assaf
Is anyone aware of a SQL Server User group in NY City?. I am a member of one which is dormant for last 2 years.
View 5 Replies View RelatedHi there!
I've got a SPROC that generates a recordset of user vote tallies (they're calculated in a separated SPROC). The user submissions are grouped by a GUID value so as to remain unique for a user's submission (each user can have multiple submissions.
The problem is that the recordset returned displays ALL the users, and I'd like to only select the highest score for each user. So, if I have 500 submissions from 3 users (User1 and User2 submit once each and User3 submits 497 times), the total recordset will have 3 rows - being the highest score per user, discounting the others.
Here's my base query:
SELECT a.UserID,a.Name AS [Name],SUM(b.TotalTally) AS [TotalPoints]
FROM Users a
INNER JOIN Ballots b ON a.UserID = b.UserID
GROUP BY a.UserID, a.Name,b.SubmissionGUID
ORDER BY [TotalPoints] DESC,[Name] ASC
...and I've been able to get the highest vote per user, discounting duplicate entries, by using this:
SELECT a.UserID,MAX(b.TotalTally) AS [TotalPoints]
FROM Users a
INNER JOIN Ballots b ON a.UserID = b.UserID
GROUP BY a.UserID
How can I write combine the two in a nested subquery to display only the top score per user?
How to find out which NT group(s) an user belongs to? any ideas?
View 4 Replies View RelatedOur system administrator set up an NT server group in order to allowour users to login to our application via https to our sql server.The group appears as a User in SQL Server when you look at it inEnterprise Manager. That said, I can not see the users associatedwith the group from Enterprise Manager, but know they can login to thedatabase.The problem is this. When we login via the web we get access to thedatabase without problem, but when you look at the current_user whatyou see is the login Name the user entered and NOT the name of thegroup/User. That is to say, I can see a UserID which is not listed asa User in SQL Server and can't see the name of the group, which islisted as a user in SQL Server.I need to know who's logging in order to direct them to theappropriate web page via their role. Before the admin set up thegroup, I was using sp_helpuser to get the role, but then again I hadthe userID to do this.The question I have now, is there any way to see what thegroup/user is who logged in i.e. the goup listed as the User inEnterprise Manager? Otherwise I have to build a table of userIDs andtheir group/User name, which seems to defeat the purpose of having heserver authenticate users.Thanks,Tom
View 2 Replies View RelatedI have a problem that many reports and folders were created with my administrative account. Due to some problems with AD my account was renamed MYDOMAINmyuser1. Everything has seemed to work fine for several months. Today I started getting an errors in the logs and subscriptions won't work.
w3wp!ui!1!3/25/2008-06:03:14:: e ERROR: System.Web.Services.Protocols.SoapException: The user or group name 'MYDOMAINmyuser' is not recognized. ---> Microsoft.ReportingServices.Diagnostics.Utilities.UnknownUserNameException: The user or group name 'MYDOMAINmyuser' is not recognized.
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportingService2005.SetSubscriptionProperties(String SubscriptionID, ExtensionSettings ExtensionSettings, String Description, String EventType, String MatchData, ParameterValue[] Parameters)
w3wp!ui!1!3/25/2008-06:03:14:: e ERROR: HTTP status code --> 200
-------Details--------
System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: The user or group name 'MYDOMAINmyuser' is not recognized. ---> Microsoft.ReportingServices.Diagnostics.Utilities.UnknownUserNameException: The user or group name 'MYDOMAINmyuser' is not recognized.
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportingService2005.SetSubscriptionProperties(String SubscriptionID, ExtensionSettings ExtensionSettings, String Description, String EventType, String MatchData, ParameterValue[] Parameters)
at Microsoft.ReportingServices.UI.ReportingWebControl.ShowErrorMessage(Exception e)
at Microsoft.ReportingServices.UI.SubscriptionPropertiesPage.SaveButton_Click(Object sender, EventArgs args)
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
w3wp!ui!1!3/25/2008-06:03:14:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
w3wp!extensionfactory!1!3/25/2008-06:03:41:: w WARN: The extension Report Server Email does not have a LocalizedNameAttribute.
w3wp!extensionfactory!1!3/25/2008-06:03:41:: w WARN: The extension Report Server FileShare does not have a LocalizedNameAttribute.
I've deleted and recreated the subscriptions and I am still get these error messages. Any help resolving this is really appreciated.
we do get incidents saying user can't login even adding to the group.So is there any script to check which group the user xxxxx belongs to from SSMS?
View 2 Replies View RelatedHi...
I have a requirement where I need to pass the Users Windows userID and the AD group through which he is associated to the database so that I can get appropiate data.
Is there a way I can pass the Windows user ID and the AD group(through which he is authenticated in Reporting Serivces) through the Reporting Serivces as a parameter so that it can be used in the Reporting Query.
Thanks,
siaj
Hi
In our sql server we have around 40 windows group.
Say a Windows user = "X"
This X user does not have a direct windows login, he is present in one or more windows groups registered in the sql server.
I need to know throught which group he is logging in.
If I know this , this will help in my auditing process.
Thanks in advance.
Regards
Soorya
I am setting up security for access of database tables for members in a specific Windows User Group.I want to check in a SQL script if this Windows User group is added and if so, add database users and grant SELECT on specific tables.
I have tried this:
SELECT * FROM master.sys.syslogins WHERE name like '%FoeUsers' AND isntgroup = '1'
but that selects a SQL user or group and not a Windows Group.Is there a way to check if a Windows NT (active Directory) user group exists?
Hi,
I've created an rdl report in reporting services 2005. Report is working fine. I've deployed this report on SQL Server 2005. The problem is this that to access the reports from client, I need to add client's login ID in Administrator user's group os server. If I dont add them in that group, it shows following error:
"The permissions granted to user 'loginname' are insufficient for performing this operation. (rsAccessDenied)".
This solution works fine in development but in actual environment, I can't add users in that group. Can anyone tell me how to view reports without adding user in administrator group. Its urgent.
Looking forward for help.
Hi guys,
I'd appreciate your thoughts on this. Not done too much DB admin. Usually I do development work and the admins to the admin.
The database is behind an API of stored procedures to manipulate the data, and views to select the data.
The database needs to be accessed remotely by multiple clients.
How best to keep the database secure?
Create a new user and login on the database which is made known to all client applications. Then grant execute permission on the stored procs and grant select on the views?
There is probably a better way than one login for all? Should I be looking at roles and groups etc? If so, how best to set that up?
A few pointers would be gratefully received!