web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics GP (Archived) / Best Way To Lock Down ...
Microsoft Dynamics GP (Archived)

Best Way To Lock Down GP SSRS Reports From Domain Admins?

(0) ShareShare
ReportReport
Posted on by Community Member

When my users log into GP, they do it through SQL server accounts, not Active Directory. I'm setting up SSRS reports but unfortunately since its security is tied to Active Directory, domain admins can run reports. Even if BUILTIN\Administrators is removed from the security settings on the SSRS site, domain admins can still view the reports. I've poured over the links below and haven't been able to find something that directly addresses preventing domain admins access. Can I add additional password security like you would to say an Excel report for example, to a SSRS report?

https://community.dynamics.com/gp/b/gpmarianogomez/archive/2013/06/07/microsoft-sql-server-security-roles-and-microsoft-dynamics-gp-ssrs-reports

https://dynamicsgpland.blogspot.com/2011/05/and-one-and-two-sql-report-security.html

dynamicsgpblogster.blogspot.com/.../microsoft-sql-server-security-roles-and.html;utm_medium=feed&utm_campaign=Feed%3A+TheDynamicsGpBlogster+%28The+Dynamics+GP+Blogster%29

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Tim Foster Profile Picture
    Tim Foster 8,515 on at

    According to what I read here:

    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/38199f97-0d84-4d64-b96d-370a3d1add60/ssrs-and-domain-admins?forum=sqlreportingservices

    you might not be able to accomplish your goal.

    Tim

  • Community Member Profile Picture
    Community Member on at

    Sorry, should have included that link my list as well as ones previously viewed. Just seems weird, I can't be the only individual who is required to setup SSRS reports for GP. I'd have to imagine other organizations would have similar concerns about keeping payroll, transactions, etc locked away from admins.

  • Suggested answer
    Tim Foster Profile Picture
    Tim Foster 8,515 on at

    The other approach would be to secure the data.  Send the user id of the person running the report as a parameter to a stored procedure.  Build the stored procedure so that it only returns data for specific users,  make the stored procedure send email when unauthorized users attempt to view (make it clear that you will discipline violators) and then encrypt the stored procedures that return the data.  Make sure the domain admins can't access the sa account, can't impersonate other users or  get the database into single user mode.

    Tim Foster

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics GP (Archived)

#1
Community Member Profile Picture

Community Member 2

#2
mtabor Profile Picture

mtabor 1

#2
Victoria Yudin Profile Picture

Victoria Yudin 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans