Security Recommendation - Linked Report
Dec 18, 2007
I have a report with a hidden parameter that defaults to the logged in user. In this way, a user can only see his own information. However, I now need to give a group of administrators access to change the value of the parameter (to see information for other people). What is the best/most appropriate way to accomplish this?
I thought I'd try the Linked Report, but do not see how I can set the default value for the User ID parameter to the value of the current logged in user in the Reports Manager. Is that possible?
I also tried creating a report with the parameter open but restrictive access, and then use that report as a subreport on a report where the parameter is closed. However, a general user cannot open the subreport in this case because he doesn't have access to the open report.
Sarah
View 3 Replies
ADVERTISEMENT
Jan 19, 2007
I have setup a linked server on the same computer but different instances of sql. When I call the sprocs an error occurs... The message is...
The OLE DB provider "SQLNCLI" for linked server LINKEDSQL does not contain the table ""product"."dbo"."AccountTable". The table either does not exist or the current user does not have persmissions on that table.
I've checked the table "AccountTable" and it does exist. The database exist also which is "product". I also configure the linked server's RPC to "true" and timeout to "200". The linked server is also configured to use a single username and password which exist on the instance of sql that the linked server is connecting. Also, I enabled the instances of sql to allow remote connections and use mixed authentications.
The mode of access is that different client pc will call a method created with .NET, which in turn, call the sprocs on the linked server. Should I add all the client pc that will be calling the method? Any help or advice please... Thanks
View 5 Replies
View Related
Sep 19, 2007
Hi,
I'm trying to deploy Reporting Services on an Internet-facing web server using a custom security extension (forms authentication). We will be putting Report Manager on the Web Server outside of the firewall, and Report Server on another machine inside the firewall. When testing the solution in a development environment with Report Manager and Report Server on the same box, the solution works fine.
When testing it using the Internet-facing environment described above, it almost works but there seems to be an issue with the authentication cookie that is generated. Here's what happens:
1. User enters credentials on UILogon.aspx and submits form.
2. In the code-behind, LogonUser() is called through a web service proxy and the authentication cookie is returned successfully. The code used here to set the cookie is the same code used in the Forms Authentication sample that ships with RS2005.
3. The user is redirected to Folder.aspx, and the request hangs for a while, and eventually kicks you back out to UILogon.aspx, as if it lost the authentication cookie. When doing a trace on the HTTP header, the cookie is still there.
Is there anything special I need to do to make the Report Server "see" the cookie when I have Report Manager and Report Server on different machines?
Any help would be much appreciated!
Mike
View 2 Replies
View Related
Apr 13, 2007
What is the practical difference between using "Not be made" and "Be made without using a security context"?
I've searched and it seems that if you are serious about NOT wanting anyone except a single login to be able to access the linked server that you ought to use "Not be made", however it seems that elsewhere it suggests that "Be made without using a security context" will accomplish the same thing.
Is that right?
If so, then what is the point?
Ex: I'm trying to apply the fewest settings on a sql server B linked to sql server A, but I only want login ZZZ to be able to access B through A, so I figure I ought use "Not be made", however reading various places it seems that "Be made without using a security context" is suggested to do the same thing.
This quote from -
http://www.microsoft.com/technet/prodtechnol/sql/2000/books/c08ppcsq.mspx
"Be Made Without Using A Security Context Blocks access to all logins not explicitly mapped to the linked server."
View 4 Replies
View Related
Apr 3, 2007
Hi
I have 2 sql servers server1 and server2. I need to setup a linked server from server1 to server2.
I want to limit the access for 1 user to be able to use this linked server from server1. I also want a login/password for the linked server connection to be setup for the access.
I am not clear about thedifferent security levels and not sure which one I can use
View 3 Replies
View Related
Oct 19, 2005
We are trying to link an SQL2K server (Running in mixed mode) to an SQL2K Server (Running in Windows only mode).
View 3 Replies
View Related
Jun 1, 2007
Can someone tell me how to go about adding security to a field in a linked table so that only certain people can access and modify the information? Thank you in advance to anybody who can help me out here!
View 6 Replies
View Related
May 27, 2008
SQL Server 2005 SP2
Windows Server 2003
I am attempting to figure why, when using a domain account, that I am unable to run queries against a linked server using my own security context.
I create the linked server:
EXEC sp_addlinkedserver @server='TestLink', @srvproduct='', @provider='SQLNCLI', @datasrc='ServerB', @provstr='Integrated Security=SSPI;'
EXEC sp_addlinkedsrvlogin 'TestLink', 'TRUE'
When I run a query against the linked server (SELECT * FROM TestLink.master.sys.servers) using my domain account, I get the following error:
Msg 18456, Level 14, State 1, Line 1
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'.
OLE DB provider "SQLNCLI" for linked server "TestLink" returned message "Invalid connection string attribute".
I followed the instructions in the article "SQL Linked Server Query failed with €œLogin failed for user €¦€?" on the SQL Protocols blog, but I still am getting nowhere.
I've run out of ideas, and really need some help trying to figure out what is going wrong.
Brandon
View 4 Replies
View Related
Jul 6, 2001
NT 4/SP6a/ SQL7/SP1
I have a job owned by UserA on ServerA that selects data from ServerB. UserA
also exists on ServerB with same ID and password. UserA is dbo on ServerA
for all the databases. UserA is also member of the "System Administrators"
server role on ServerA. The job works OK. But if I remove it from "System
Administrators" server role and run the job, I get the following error
message and the job step fails:
Remote access not allowed for Windows NT user activated by SETUSER.
[SQLSTATE 42000] (Error 7410)
UserA on ServerB [remote server] has ReadOnly access. ServerB is linked to
ServerA using "they will be mapped to" option and UserA.
Any ideas!!!
Thanks
Abdul Gill
View 1 Replies
View Related
Sep 14, 2006
I€™ve been working on getting a linked server through SQL 2005 to work with VFP 9.
I get access denied for any and all security set ups on the linked server. I€™ve checked the folder-level security settings and see that the user I€™m logged in as, and have tried through security settings, and they seem to have access.
What other security settings should I be checking?
View 5 Replies
View Related
Sep 3, 2015
We are trying to track Linked servers configuration. Is it possible to query Linked server configuration like mappings, options, etc?
View 2 Replies
View Related
May 4, 2015
How to change the Security Properties of a Linked Server.
In tsql, I need to setup a linked server and want to set the Properties -> Security -> For a login not defined in the list above, connections will: -> Not be made But I cannot figure out how to set it to Not be made. I manually set it in the GUI, and the scripted the linked server and when I ran the script to create it was set to Be made using the login's current security context. The create script did not even set it correctly.
I have looked around and all that I have found is a column in sys.linked_logins, uses_self_credential that looks promising. But I cannot change the system catalog.
how i can set the "For a login not defined in the list above" security property in tsql?
View 4 Replies
View Related
Sep 17, 2015
Here are some details:
Domain = dm
Windows User = dmTestUser, member of sysadmin on SQLFL and SQLNY
SQL Server 2012 = SQLFL
SQL Server 2012 = SQLNY
Table = Product (exists in SQLNY and SQLFL)
SP = spGetProduct() (resides on SQLFL)
SQL Login = dbuser (on SQLNY, member of dbo on Product table)
I created a linked server on SQLFL pointing to SQLNY. Â The local server login to remote login mapping is as follows:
Local Login = dmTestUser
Remote Login = dbuser
with "Be made without security context" option selected. Run spGetProduct() to get Product records from SQLNY and populate Product table on SQLFL via the linked server.Here are tests I did:I connected to SQLFL using dmTestUser in SSMS. Â I manually executed the stored procedure spGetProduct() without any issues. Â Procedure gets Product records from SQLNY and populates the Product table on SQLFL. Â Everything is good.
I created a SQL Agent job called "Get NY Product" on SQLFL to execute spGetProduct(). Â I invoked this agent job and it executed successfully.However no data was loaded to the Product table on SQLFL. Â My stored procedure caught this error: Cannot initialize the data source object of OLE DB provider "SQLNCLI11" for linked server "SQLNY".
1. When sql agent job runs, which account does it use? Â Is the SQL Server Service or SQL Agent?I believe it's the sql agent.
2. What do I need to do to make this work?
View 4 Replies
View Related
Mar 16, 2007
I have this posted in the VFP section of the forums but the more I find out about the issue the more I think there is an SQL Server security issues.
What I am doing is trying to connect to a LinkedServer of my SQL Express 2005 database running on windows vista. I have the linked server set up to connect to a local FoxPro table using the VFPOLEDB provider. If I log in as the 'sa' account I am able to do my query. But if I log into the server using a trusted connection it doesn't work. I get the error [The OLE DB provider "VFPOLEDB" for linked server "sys" reported an error. The provider did not give any information about the error.]
So I went in and set the BUILTINUser login as the sysAdmin. I also made sure that all of the security settings in SQL server were set up the same between the trusted user and the 'sa' user.
My question is, What am I missing? Is there something that I need to set on windows or is there a setting in SQL server?
View 2 Replies
View Related
Sep 6, 2007
I've created a linked server with a pretty basic Excel spreadsheet, and used this command to create a linked server to it:
sp_addlinkedserver ''XL_SPS_1', 'Excel', 'Microsoft.Jet.OLEDB.4.0', 'c:MyExcel.xls', null, 'Excel 8.0'
I want to use this as the data from which to build a report model. As linked servers don't show up in the Data Source View wizard, I created a view in SQL Server:
create view MyExcel
as
select * from XL_SPS_1...Sheet1$
Okay, great, now the view shows up in the DSV wizard and I can create the data source view. However, when I create a new report model based on this data source view, the Report Model Wizard tells me at "Create entities for all tables" that I've got an error when it processes dbo_MyExcel that "Table does not have a primary key."
I assume this is where the identifying attributes for the entities in the report model are taken from, so I really can't go further. Does anyone have an idea as to how to add a primary key to a linked server (Excel) in SQL 2005? Can this be done? Other than importing spreadsheet data to a SQL table, how can I get around this?
Thanks,
--Stan
View 3 Replies
View Related
Oct 6, 2015
How do I get data on my linked report based on my grouped subtotal and grand total from the main report. The subtotal and grand total are calculated columns.
I have a 3 columns in my matrix in the SSRS summary report. Actn_COAST, ActnCITY and NumbOfAccts. Â
The following is code for my summary report. The results are shown below.
SELECT Distinct ActnCITY, Count(ACCT) as NumbOfAccts,
CASE WHEN ActnCITY in ('NY', 'OH', IN, 'NJ', 'SC', 'NC') THEN 'EAST COAST'
WHEN ActnCITY IN ('CA'. 'NV', 'UT', 'WA', 'OR') THEN 'WEST COAST'
ELSE 'OTHER'
END AS Actn_COAST
FROM tbl1
where ACTNDATE between @STARTDT and @EndDT
Code for my detail report contains the following SQL
SELECT * FROM tbl1 where ACTNDATE between @STARTDT and @EndDT AND @ActnCITY = ActnCITY
I have linked my report based on the NumbOfAccts column. I am able to get data if I click any of the NumbOfAccts values related to the state I want. However when I am not sure how to make the subtotal and grand total work. I want when I click on the subtotal of either coast, I should be able to see records of that coast e.g., if I select 37 I should be able to see all the records in East Coast. If I click on the Grand Total, I only want data related to those 2 coasts.
View 2 Replies
View Related
Jun 19, 2006
We are having some commercial applications that are running on sql servers at different sites, all with sql security. The software vendor wants to copy data into staging tables on our BI server. But our BI server only support Integrated security.
But how can i say, in the definition of a linked server (at the remote machines) to swicth security system ?
If it is possible i could enter a fixed domain-account in that users fields, but i suppose that this field was intended for SqlServer security.
View 3 Replies
View Related
Aug 3, 2015
We are using Microsoft jdbc driver 4.1 connecting to SQL 2012, which has a linked server to another SQL 2012 server.Will linked server calls work with kerberos authentication using Microsoft jdbc driver 4.1? connection string looks like this:
jdbc:sqlserver://SQL01;database= product_db; integrated Security= true;authenticationScheme=JavaKerberos..We have the linked server connection configured to use "Be made using the login's current security context"
Date      8/3/2015 4:19:56 PM
Log      SQL Server (Current - 8/3/2015 3:49:00 PM)
Source      Logon
Message
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. Reason: Could not find a login matching the name provided. [CLIENT: 10.196.21.4]
View 2 Replies
View Related
Sep 9, 2015
I have two SQL Server machines - RPTPROD and DATAPROD.
I wanted to create a linked server from RPTPROD pointing to DATAPROD using Windows Authentication. Â When I tried to create this linked server, I keep getting this error
"Login failed for user 'NT AUTHORITYANNOYMOUS LOGON' (Microsoft SQL Server,Error: 18456)". Â
On the "Security" page, I chose "Be made using the login's current security context". Â I'm sysadmin on both SQL Server machines. Â
View 3 Replies
View Related
Dec 31, 2006
Hello,
I am experiencing a head-scratcher of a problem when trying to use a Linked Server connection to query a remote SQL Server database from our SAP R/3 system. We have had this working just fine for some time, but after migrating to new hardware and upgrading OS, DBMS, and R/3, now we are running into problems.
The target database is a named instance on SQL Server 2000 SP3, Windows 2000 Server. The original source R/3 system was also on SQL Server 2000 (SP4), Windows 2000 Server. I had been using a Linked Server defined via SQL Enterprise Manager (actually defined when the source was on SQL Server 7), which called an alias defined with the Client Network Utility that pointed to the remote named instance. This alias and Linked Server worked great for several years.
Now we have migrated our R/3 system onto new hardware, running Windows Server 2003 SP1 and SQL Server 2005 SP1. I redefined the Linked Server on the new SQL 2005 installation, this time avoiding the alias and referencing the remote named instance directly, and it tests out just fine using queries from SQL Management Studio. It also tests fine with OSQL called from the R/3 server console, both when logged on as the application service account with a trusted connection, and with a SQL login as the schema owner. From outside of the application, I cannot make it fail. It works perfectly.
That all changes when I try to use the Linked Server within an SAP custom program (ABAP), however. The program crashes with a database interface error. The database error code is 15274, and the error text is "Access to the remote server is denied because the current security context is not trusted."
I have set the "trustworthy" property on the R/3 database, I have ensured the service account is a member of the sysadmin SQL role, I've even made it a member of the local Administrators group on both source and target servers, and I've done the same with the SQL Server service account (it uses a domain account). I have configured the Distributed Transaction Coordinator on the source (Win2003) system per Microsoft KB 839279 (this fixed problems with remote queries coming the other way from the SQL2000 system), and I've upgraded the system stored procedures on the target (SQL2000) system according to MS KB 906954. I also tried making the schema user a member of the sysadmin role, but that was disastrous, resulting in an instant R/3 crash (don't try this in production!), so I set it back the way it was (default).
What's really strange is no matter how I try this from outside the R/3 system, it works perfectly, but from within R/3 it does not. A search of SAP Notes, SDN forums, SAPFANS, Microsoft's KnowledgeBase, and MSDN Forums has not yielded quite the same problem (although that did lead me to learning about the "trustworthy" database property).
Any insight someone could offer on this thorny problem would be most appreciated.
Best regards,
Matt
View 12 Replies
View Related
Sep 28, 2015
I have a scenario where I want to make a linked server query and report using windows service account credential. I can able to do link query if I RDP into the Server where linked server established using the service account and run query successfully  but local client SSMS with my credential fails connecting linked server or querying. Looks to be a sql double hoping problem if so configuration each client domain account to enable delegation will be challenging as mentioned in the following articles instead service account only might work if possible.
View 3 Replies
View Related
Sep 28, 2007
I need to be able to run a SECURITY audit/report against my Report Servers. I want to be able to see which users have which rights in which folders, etc.
I cannot find any canned report for this (from MS or on Web)
I cannot find data in ReportServer dbase that I can read.
Has anyone done this? How?
View 3 Replies
View Related
Nov 9, 2007
From my desktop in Management Studio (MS) I can connect to server A and run a query like,
select top 1 * from serverB.mydatabase.dbo.mytable, and all seems to be working. If I leave and come back after a few minutes it no longer works and I get this error:
Msg 18452, Level 14, State 1, Line 1
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
If I remote connect to server B and run the query it works and when I try it from my desktop MS it starts working again. Any ideas on why this is happening?
View 8 Replies
View Related
Jul 2, 2007
Hi,
I have a certain report that contains information about a company structure... I want to allow only certain users to run the report (the easy part) but i also want the users to only see their own information (the hard part).
How can i achieve this?
Do i have to enable row based security over SQL Server 2005 table?
Best Regards
View 1 Replies
View Related
Mar 6, 2008
Hi all,
I would like to retrive system report that provides the following security configurations for MS SQL
1. Minimum Password Length
2. Initial log-on uses a one time password
3. Password composition (e.g., alpha/numeric characters, not words in
dictionary)
4. Frequency of forced password changes (password expiration/aging)
5. The number of unsuccessful log-on attempts allowed before lockout
6. Ability of users to assign their own passwords
7. Number of passwords that must be used prior to using a password again
(password history)
8. Idle session time-out
9. Logging of unsuccessful login attempts
do i have to script it or is there any alternate option
thanx in advance
View 4 Replies
View Related
Feb 6, 2008
I have been playing with SRS 2005 for a few months now and have a decent setup going but am strugling with model security.
I have set my selected users up in the home folder and also as site users in site settings, they can launch the report builder and create reports fine.
HOWEVER
I intend to use the software accross multiple systems ie WMS, TMS, Finance package, T&A and therefore I only want the WMS users to see the WMS models and T&A users to only see the T&A models etc
No matter what settings are adjusted it seems that if you can launch the report builder then you can access all models and this poses an issue for me as systems like T&A and financials that I need to be as secure as possible.
I am aware that I can limit access to to models using Management studio but it seems to be basically on a column basis rather than the whole model.
Help!!!
Also aware of the fact im an idiot and basically posted the same thing 5 or 6 times! Hopefully the others are deleted
View 3 Replies
View Related
Jan 8, 2008
Hello.
I am trying to render a report that I set up with SSRS 2005 from an existing .Net web application. The report takes in a multi-valued parameter (sequenceNums) and displays data accordingly.
This is the url I am passing from the web application:
Code Blockhttp://myservername/ReportServer/Pages/ReportViewer.aspx?%2fProjectDBReports%2fCriticality&rs:Command=Render&rc:parameters=false&sequenceNums=4299,4312
Upon redirect, I receive the following error "one or more data sources is missing credentials"
I currently have the following connection settings checked for the DataSource used in the report:
- connect using credentials supplied by the user running the report
- use as windows credentials when connecting to the DataSource
When I attempt to view the report with no parameters being passed in, the report renders properly and I receive a prompt asking me for my credentials.
Do I have to connect to my DataSource using credentials stored securely on the report server?
Thanks in advance.
Sam
ps - i included the url within a code block so no smiley faces would show
View 3 Replies
View Related
Jun 24, 2004
I was if anyone can recommend a book that specifically focuses on SQL statements such as Queries, Stored Procedures, Triggers, Transcations..etc
View 11 Replies
View Related
Apr 8, 2008
Hello,
I will have to create a table that consists of only of two fields. one: them employeeID and two: the SupervisorID,
my question is what should I define as my primary key. Should it be an aditional field, or could it be the EmployeeID field.
The employeeID is an unique filed. The end user for this application will be updating rearly some of this records, and may be adding or deleting some new records exporadically.
Thanks for suggestions.
View 6 Replies
View Related
Dec 21, 2006
Hi:
Here's the scenario I'm working with:
A SQL 2005 server with around 1K~ databases, capacity at about 1TB~. We would like to be able to have a warm standby with transactions replicated to it. In the event of a failure on the principle, we would want the warm standby to come online automatically and begin serving db requests.
I've looked at the SQL 2005 database mirroring option; however, this has a restriction of around 10 databases per SQL server instance which, unfortunately, I exceed. One method I've been looking at is transaction replication in the classic publisher / subscriber model; however, how would I handle automated fail-over to the subscriber if the publisher were to fail?
Does anyone in the community have any thoughts or recommendations?
Thanks.
-matt
View 1 Replies
View Related
Dec 8, 2013
Here is my Problem:
1. I have sql 2008 R2 running on my LocalHost.
2. Created Data Base [Customer].
3. Created Linked Server [CUSTOMERLINK] USING Microsoft Jet 4.0 to link to Drive F:Data which has DBF files in it.
4. Create dbo.Customer_Upload Table.
5. INSERT INTO [Customer].[dbo].[Customer_UpLoad]
([Name],[Email])
SELECT
NAME,EMAIL
FROM [CUSTOMERLINK]...[CUS]
All this works fine. I can even put it in to an After Insert Trigger on another table and it works.
My problem is that I need this to work in a scheduled job.
F:Data is just a folder with files in it.
This info is from a Restaurant POS system and I need to update it every night.
I have tried every which way to to setup the security issue as there isn't any login security on the folder and SqlServerAgent wants security.
View 4 Replies
View Related
May 30, 2007
Greetings Folks,
We have a SQL Server Reporting Services instance running SP2. I have attempted to add a domain group in a trusted domain to the server to enable regular users to access reports. I have added this group to the instance folder as a SYSTEM USER and home as BROWSER. I am allowing those settings to be inherited down through the folders (reports and data sources) to the reports. My test user in this report receives:
The permissions granted to user 'DOMAINuser' are insufficient for performing this operation.
(log shows HTTP 500)
when the user attempts to use the URL to go directly to the report. If we try to navigate from HOME and walk the folders the user sees a blank HOME page.
I have used other groups with no problem.
Is there something I am missing in setting up the security environment? Any help would be greatly appreciated.
Thanks, Mark
View 1 Replies
View Related
Apr 25, 2007
Hi,
I am trying to use a very easy and simple feature of a reportmodel, model item security.
In my example i have two users; HGHJohn and HGHJKooi
I want to test if I am able to restrict access in the model to a whole entity. HGHJKooi shouldn't be able to see the entity 'Customers'.
These are the steps I executed:
1. In Sqlserver management studio I opened the properties of my model and navigated to the tabpage 'model item security'.
2. I activated the option 'secure individual model items...'
3. In the root of the model I declared two users(groups) as specified above
4. Automatically all nodes inherit these settings from the root.
5. For the entity 'Relations' I change the default, by selecting 'use these roles for each group or user account'
6. I removed HGHJKooi from this list, leaving only 'HGHJohn as model item browser
What I expected at this moment is that when I login the system as HGHJKooi, then I won't see this entity, but I still can! Does anybody know a solution to this problem?
Julian Kooiker
View 1 Replies
View Related
