Setting Up SRS On Win 2003 - Security Issue
Apr 16, 2008
I am having a little trouble with my SRS installation. I have a fresh-out of the box server running Win 2003. I installed SQL & SRS on it. I have successfully deployed my report project and can run reports, etc.
The problem is, even when logged in on the console as the local admin, I can't seem to perform the usual administrative functions on the report server- simple things like hide items in list view. I have no menu options for any of the security stuff, either. I though that the local admin was able to do these things by default. I have a feeling that this has something to do with active directory & role membership? It is like the administrator only has guest privledges.
When I connect to the report server from management studio, I can see the roles but no information about users, no options ot add users to the roles, either. My goal is to simply add a user (Administrator) to the proper role to be able to configure the report server environment.
For what it is worth, this box is simply set up in my home office, no domain, etc. Please be gentle, I am mainly a SQL geek, very little knowledge of Server OS & Windows security.
Any help is greatly appreciated.
JB
View 1 Replies
ADVERTISEMENT
Jul 31, 2007
Hi,
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Your help is highly appreciated!
Desperate developer
View 1 Replies
View Related
May 4, 2007
We have a SQL 2005 installed in Windows 2003 64 bit system, which has 16 CPU and 32GB RAM, but the performance is poor. SQL server is AWE enable and the sql start account with "Lock Pages In Memory". I checked the task manager and it looks that the SQL server used only about 300 MB memory. Here is what I found:
http://blogs.msdn.com/psssql/archive/2006/11/28/sql-server-becomes-sluggish-or-appears-to-stall-on-64-bit-installations.aspx?CommentPosted=true#commentmessage
What I need to do?
Thanks
View 5 Replies
View Related
May 6, 2007
PLEASE HELP ME
I'm a pretty smart guy, but sometimes I end up feeling left behind with all of the terminology I don't recognize.
I am running XP Pro, Access 2003, and SQL Server 2005 express.
I want to set up a ODBC connection in Access to a table that has been created in an SQL Server 2005 Express Database.
I keep getting the message connection failed, SQL Server does not exist or access denied.
Can somebody here please help me?
View 1 Replies
View Related
Jan 16, 2007
Hi all,
Okay, here's my problem:
After I login into the Reports Server (<servername>/Reports1/Pages/UILogon.aspx?) the Home page is blank ( accpet for links to Home |MySubscriptions | Help in the upper right corner). Please read on before thinking you know the answer. I am using Reporting Services with Forms Authentication with a custom security extension. In the LogonUser methothd I validate the user and return True if the user is good. Should I be doing anything else in this method or any of the other methods in my custom extension? I'm asking because, I can use Sql Server Management Studio to login into the Reporting Server, view any folders such as the Data Sources or Models folder, but can't make any changes. In the Users table in the ReportServer database the user I'm logging in with has a UserType of 0 and AuthType of 3. I've tride changing these to match the BUILTINAdministrators user but still no luck. Also, I can not login as the BUILTINAdministrators because that user would not be in our database. Any help with this is appreciated. Thanks.
View 4 Replies
View Related
Jul 18, 2006
New to this game so please bare with me ;)
const string ConnectionString = "Data Source='db.sdf';";
SqlCeEngine mydb = new SqlCeEngine(ConnectionString);
mydb.CreateDatabase();
create table Eaddress (OID int IDENTITY, title nvarchar(20), name nvarchar(80), lastname nvarchar(70)
)";
database is created and works but how do i set a username and password for the db (an example would be great)
View 3 Replies
View Related
Aug 3, 2007
Hi,
I am testing SQL 2005 Standard (32 bit) on a Windows 2003 Server 64 bit with 8GB of RAM? Should I enable the AWP Setting or not and should I change the maximum server memory (currently saying 2GB)?
Thanks!
Tom
View 1 Replies
View Related
May 10, 2000
Does anyone know the best way to set up NT security. It seems a little confusing as to how to set up NT groups and assign permissions (where do the roles come into it?).
Any help would be much appreciated
thanks
Paul
View 1 Replies
View Related
May 12, 2004
I am running SQL Server 2000 (clustered server) with Windows 2003. For some reason MSDTC is failing on distributed transactions. I can run code that begins and commits a transaction from query analyzer, or run a stored procedure from Query Analyzer with the same code in it and both work great, but if I call the stored procedure from a DTS job, then the job fails with the following error:
DTSStep_DTSExecuteSQLTask_1, Error = -2147217900 (80040E14) Error string: The operation could not be performed because the OLE DB provider 'MSDASQL' was unable to begin a distributed transaction. Error source: ...... Error string: OLE DB error trace [OLE/DB Provider 'MSDASQL' ITransactionJoin::JoinTransaction returned 0x8004d00a]. Error source: Microsoft OLE DB Provider for SQL Serve. The step failed.
Any help would be appreciated!
View 1 Replies
View Related
Jan 4, 2008
Hi
I just deploy a report model and want use report builder to create ad-hoc using this report model.
I want some entitis and attributes are not visiable for some user, so I config the model item security for this model.
But no matter which user I use to login the report server, I always can access all the entities.
Even I delete all the groups and users in "Permissions" property of the model, I still can access this model through report builder.
All the user I used to test are local user of server with report service, my server is SQL Server 2005+SP2.
How can I fix it?
View 3 Replies
View Related
Jul 3, 2007
Hi!
Is there a possibility to set the folder security on the report server programatically?
Thanks
Klaus Aschenbrenner
http://www.csharp.at
http://www.csharp.at/blog
View 1 Replies
View Related
Oct 26, 2007
CLIENT SIDE:
If the query is reading from large table, (100 columns x 20000 rows)
I have no problem getting results using SQL Query Analyzer on the Client side.
However, I am getting timeout problem from the client side application.
The query failed. The message from the database engine was:
Microsoft OLE DB Provider for SQL Server: Timeout expired.
SERVER SIDE:
I tested the same query on the server using the application. I can get the results.
ENVIRONMENT:
Server machine:
The Server : Windows 2003 Server SP2
Database Server : SQL Server 2000 €“ (8.00.2039 Standard Edition SP 2)
linkserver (OLE DB 9.0.0.3504 ) to FoxPro 9.0 SP1 table
SQL Server Timeout Settings: Query time-out (sec, 0=unlimited)
Client machine:
Windows XP SP2 : Windows Network Authentication
SQL Server 2000 client
For some reason my environment doesn€™t like the outside application to connect to the server long time?
Do you have any idea how to fix this timeout problem? Do I need to configure DCOM or DTC?
View 1 Replies
View Related
Aug 19, 2005
I have just reciently installed and started upgrading the last beta code to this beta and am having a problem conecting to my sqlinstance with the WebSite Configuration Tool.
View 16 Replies
View Related
Nov 9, 2005
The last few lines of the log show:
View 4 Replies
View Related
Feb 12, 2007
I'm attempting to setup the defaco MS security for membership and roles, using a newly created database under SQL 2005 (not express). I created the database using the aspnet_regsql.exe utility and that worked fine. I created my provider connection string logging in as 'sa' wit the proper password. All that seemed to work okay too. However when I attempt to change any of the settings like setting the authentication type or enabling roles, I get the follwing error message: The following message may help in diagnosing the problem: Attempted to perform an unauthorized operation. at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections) at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath) at System.IO.File.SetAccessControl(String path, FileSecurity fileSecurity) at System.Configuration.Internal.WriteFileContext.DuplicateTemplateAttributes(String source, String destination) at System.Configuration.Internal.WriteFileContext.DuplicateFileAttributes(String source, String destination) at System.Configuration.Internal.WriteFileContext.Complete(String filename, Boolean success) at System.Configuration.Internal.InternalConfigHost.StaticWriteCompleted(String streamName, Boolean success, Object writeContext, Boolean assertPermissions) at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext, Boolean assertPermissions) at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.Internal.DelegatingConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.UpdateConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.MgmtConfigurationRecord.SaveAs(String filename, ConfigurationSaveMode saveMode, Boolean forceUpdateAll) at System.Configuration.Configuration.SaveAsImpl(String filename, ConfigurationSaveMode saveMode, Boolean forceSaveAll) at System.Configuration.Configuration.Save(ConfigurationSaveMode saveMode) at System.Web.Administration.WebAdminPage.SaveConfig(Configuration config) at ASP.security_setupauthentication_aspx.UpdateAndReturnToPreviousPage(Object sender, EventArgs e) at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)Anyone have any clue why this is happening? Do I need to add something to the database as far as users/roles go? I figured 'sa' would have free roam, but something permission-wise just isn't jiving.
View 2 Replies
View Related
Aug 11, 2014
I work on test SSRS setup and trying to give one user enough rights so she can download RDLs from server, but no matter what I do on Folder leverl, on report level her security are still only as a <Browser>. Structure of our Server is:
Home/NewReports/Misc/Report01.
I'm checking those in <Folder Settings>/<Security> where this user is OK (Browser, Content Manager, Publisher, Report Builder).
So she looks OK in all folders Home/NewReports/Misc, but on report level she still only a browser.
Our db team tried everything on SSRS server working with Site settings and Folder option, how to make that report inherit security ?
View 3 Replies
View Related
Nov 28, 2007
Greetings
Running SQL Server 2005. The developers on the project can see and edit stored procedures from within the Visual Studio IDE (via Server Explorer) but when they connect through management studio, the stored procedures do not show up at all.
Is there a seperate security setting specifically for management studio?
The user has:
The dbCreator Server Role
Is mapped to the development database as dbo with datareader/datawriter/db owner/public role
Is mapped to master reader/writer/public
Is mapped to model reader/writer public
Is mapped to msdb reader/writer public
Is mapped to tempdb reader/writer publuc
This is probably more security than the user needs, but was grasping at straws to let them edit stored procedures...
View 4 Replies
View Related
Jan 30, 2008
Hi,
I would like to demonstrate mining temporary models in an ASP.NET application.
Creating, trainning, predicating actions are all witten at C# codes as follows:
Code Snippet
using (AdomdCommand cmd = new AdomdCommand())
{
// Build temporary mining model
cmd.Connection = asConn;
cmd.CommandText = "CREATE SESSION MINING MODEL " + modelName +
" (" +
"HCVS_MemberId Text KEY," +
"HCVS_MeasureDate DATE KEY TIME, " +
"SysPressure LONG CONTINUOUS PREDICT, " +
"DiaPressure LONG CONTINUOUS PREDICT," +
"Pluse LONG CONTINUOUS PREDICT" +
") " +
"USING Microsoft_Time_Series(Missing_Value_Substitution='Mean' ) "; // Periodicity_Hint = '{12}'
cmd.ExecuteNonQuery();
// Train Data
cmd.CommandText = "INSERT INTO " + modelName + " (HCVS_MemberId, HCVS_MeasureDate, SysPressure, DiaPressure, Pluse) " +
"OPENQUERY([Healthcare], " +
" 'SELECT HCVS_MemberId, HCVS_MeasureDate, SysPressure,DiaPressure,Pluse" +
" FROM v_VitalSignForecast WHERE HCVS_MemberId=''" + id + "'' AND HCVS_MeasureDate>=''" + from.ToShortDateString() + "'' AND HCVS_MeasureDate<=''" + to.ToShortDateString() +"'' ')";
cmd.ExecuteNonQuery();
// Predict upon the Train Data. In addition, the standard deviation of each predicated value is retrieved
cmd.CommandText = "SELECT FLATTENED " +
"( SELECT *, " +
" SysPressure + PredictStdev(SysPressure) AS [SysPressure_PlusStdev], " +
" SysPressure - PredictStdev(SysPressure) AS [SysPressure_MinusStdev] " +
"FROM PredictTimeSeries(SysPressure, " + fDays + ") AS SysTable " +
") " +
"FROM " + modelName ;
AdomdDataAdapter adapter = new AdomdDataAdapter(cmd);
DataSet sysDS = new DataSet();
adapter.Fill(sysDS);
The problem is that I do not know how to configure my Analysis Service Server to let ASP.NET account can utilize it. And ASP.NET account in trun impersonates the account who is authorized to use Healthcare DB in the Openquery. Please give a help. Thanks a lot.
Ricky.
View 4 Replies
View Related
Mar 29, 2007
I do a clean install of SQL Server + RS + SP1 with standard setup on Windows Server 2003. I create a simple report (select * from aTable). This report (actually any report) shows the error message "For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."
This has to do with security settings in Windows Server 2003. On Windows XP everything works fine.
Any help would be greatly appreciated. Thanks!
Edit: The reports do work in the preview tab in BIDS.
View 5 Replies
View Related
May 29, 2007
I'm trying to install SQL Server 2005 Express on a Windows 2000 server, but I'm getting the following error message:
"Failure setting security rights on user account SQLServer2005BrowserUser${computerName}"
Can anyone help me please?
View 1 Replies
View Related
Jun 8, 2007
Dear Helpers,
I can not setup SQL server 2005 express and the full trial version as well.
The setup progress stops at "setting file security", and nothing happens. I dont even get an error message.
This is very annoying. I have local administrator access, so it should work. Op system: Windows XP professional.
Machine: Hp Compaq dc7700p, 1 GB RAM, 80 GB HDD
Thanks for your help in advance.
View 5 Replies
View Related
Apr 27, 2007
Hello,
I have implemented User-defined Functions in SQL Server 2005 with Managed Code. Inside Vistual Studio Project for SQL Server, there are three different levels of security, which are SAFE, EXTERNAL_ACCESS and UNSAFE. When I set EXTERNAL_ACCESS permission and try to send http web request using HttpWebRequest and HttpWebResponse classes in the .NET Framework, it throws me error message, but If I set to UNSAFE, it works fine. For that I have two Questions.
1) how to run my code with EXTERNAL_ACCESS permission ?
2) If I set UNSAFE permission, is it dangerous for any security issue ?
Looking forward to some help from you guys. Thanks in advance.
Cheers,
Satyam
View 2 Replies
View Related
Sep 11, 2007
Hi,
I need to import an SQL string from MS Excel 2003 to SQL SERVER 2000.
The string I need to import is composed by 5 different several blocks and looks like:
Code Snippet
CommandLine01 = "USE mydb"
CommandLine02 = "SELECT Block ..."
CommandLine03 = "GO
ALTER TABLE Block...
GO"
CommandLine04 = "UPDATE Block..."
CommandLine05 = "SELECT Block..."
The detail of the SQL string is at:
http://forums.microsoft.com/msdn/showpost.aspx?postid=2093921&siteid=1&sb=0&d=1&at=7&ft=11&tf=0&pageid=1
I am trying to implement OJ's suggestion:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2117223&SiteID=1
to use multi - batch processing to import the string to SQL SERVER, something like:
Code Snippet
Dim SqlCnt, cmd1, cmd2, cmd3
'set the properties and open a connection
cmd1="use my_db"
cmd2="create table mytb"
cmd3="insert into mytb"
SqlCnt.execute cmd1
SqlCnt.Execute cmd2
SqlCnt.Execute cmd3
Below is the code (just partial) I have, and I need help to complete it.
Thanks in advance,
Aldo.
Code Snippet
Function TestConnection()
Dim ConnectionString As New ADODB.Connection
Dim RecordSet As New ADODB.RecordSet
ConnectionString = "Driver={SQL Server};Server=myServer;Database=myDBName;Uid=UserName;Pwd=Password"
ConnectionString.Open
CmdLine01 = " USE " & myDB
CmdLine02 = " SELECT ACCOUNTS.FULLNAME FROM ACCOUNTS" ...
CmdLine03 = "GO
ALTER TABLE Block...
GO"
CmdLine04 = "UPDATE Block..."
CmdLine05 = "SELECT Block..."
RecordSet.Open CmdLine01, ConnectionString
RecordSet.Open CmdLine02, ConnectionString
ConnectionString.Execute CmdLine01
ConnectionString.Execute CmdLine02
'Retrieve Field titles
For ColNr = 1 To RecordSet.Fields.Count
ActiveSheet.Cells(1, ColNr).Value = RecordSet.Fields(ColNr - 1).Name
Next
ActiveSheet.Cells(2, 1).CopyFromRecordset RecordSet
'Close ADO objects
RecordSet.Close
ConnectionString.Close
Set RecordSet = Nothing
Set ConnectionString = Nothing
End Function
View 7 Replies
View Related
Jul 23, 2005
I may not be the best forum for this post, however I believe some onecan still help me or direct me somewhere else.I'm finding that win 2003 x64 and SQL 2005 CTP is slower than win 2003and SQL 2000.Machine A: Opteron 2.2 (248) w/ 2 cpus. 8GB memory. SCSI disk array.Windows Enterprise 2003 x64 final release. SQL Server 2005 enterpriseCTP.Machine B: Opeteron 2.2 (248) w/ 2 CPUs. 4GB Memory. IDE Drives.Windows Server 2003 (32bit) and SQL Server 2005 (standard).I'm using Cognos' DecisionStream as the ETL tool (32bit). I have theidentical job on both machines. Machine A is slower to do my nightlybuild (1h 20m) vs. Machine B (50m).I've done no tweaking of the databases. I Used SQL 2005's studio tocopy the database from Machine B to Machine A.The only major difference is the O/S and SQL, the machines are samespeed, however Machine A has twice the memory and faster disk; so Iwould expect it to be faster.Can anyone think of smoking guns I might be missing?TIA
View 2 Replies
View Related
Dec 4, 2014
I use from sql server 2008. and c#
what is the best connectionstring?
I don't know if i use Persist Security Info and Integrated Security or not?
And if yes then their value must be true or false?
View 1 Replies
View Related
Oct 14, 2005
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies
View Related
Apr 26, 2007
hi i want to know what is the differance between
Persist Security Info=False;Integrated Security=Yes;
View 1 Replies
View Related
Oct 18, 2015
Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions.Â
View 4 Replies
View Related
Jul 6, 2007
I have Sql Server Express installed on Vista (service pack 2)
I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.
The login ID of the service is added to the database.
The database has remote access turned on.
The ID is granted access to all databases within the server.
The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.
The dataserver is set with using Windows Authentication for security.
When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.
How to I get past this? I've done everything right.
View 1 Replies
View Related
Jun 18, 2007
I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:
The user or group name <DLName> is not recognized. (rsUnknownUserName)"
View 1 Replies
View Related
Jul 20, 2005
Is there anybody out there with a MS SQL 2K Security Baseline orSecurity Checklist. Where can I get one????Thanks in advanceDavid
View 1 Replies
View Related
Feb 28, 2008
Hi;
I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?
Rgds;
View 6 Replies
View Related
Aug 3, 2006
In an environment where there are many initaitors speaking to a central target with frowarders in between, from what i can understand this best policy is to disable encryption on the endpoints, since dialog encryption will be enforced this is all that is really required, is this correct.
If the endpoints used encryption the message would need to be encrypted and decrypted at each forwarder resulting in slower perfromance, where as dialog encryption would only encrypt at the sender and decrypt at the target, so is this the best way to go?
Secondly is it best practice to open a dialog initally and send messages over this dialog for years never ending the conversation? This way the services only have to authenticate eachother once, if there are no reboots etc that is of course.
I would think performance wise sending each message and ending the conversation each time is a much greater overhead ? So would it be best practice to keep dialogs open and keep sending messages ?
Initally when i was learning service broker i thought that one must send a message and end the dialog until the next message, but i think the other way is the best option ?
Is this correct ?
Thanx
View 1 Replies
View Related
