SSRS security and table permissions

(0) Share

Report

Posted on by Community Member

Hi community

Something with SSRS and security is bothering me.

Whenever we create a SSRS report and give proper access to menu item (type output) + privilege + role, some permission issues pop up.

Example:

User 'tilo' is not authorized to select a record in table 'EcoResTextValueTranslation'. Request denied.
Cannot select a record in The localization of properties of the attributes (EcoResTextValueTranslation).
Access Denied: You do not have sufficient authorization to modify data in database.

Solution is to just give table permission on the role with Read access. Or on the SSRS report in the AOT.

But this implies that every type of record, that is being used in every dataprovider or in any (sub)method that is being reused, needs to be explicitly mentioned in either role table permissions or ssrs table permissions.

Also, sometimes we get the error above. But some other times we do not and the SSRS report would run fine but the affected fields wont be populated. This mostly happens in submethods that are being reused in the dataprovider code. I mean, i'd rather get an error saying i dont have permission than just showing blank values. In this case i have no way of knowing everything is fine.

This seems absurd. Am i doing this right? Is there a better solution to give full access to the SSRS report and implicit read access to all records that are being used?

*This post is locked for comments

I have the same question (0)

All responses (5)

Answers (1)

Suggested answer

Sohaib Cheema 49,438 User Group Leader on at

Like (0)

Report

This is happening as designed by Microsoft and you are doing it correctly to fix issue.

when you grant permissions of an output menu item, you are granting rights for an SSRS report. you are not granting rights for related tables. if you need to grant rights of related tables you have to do it by either providing access of those tables to user or add those inside SSRS report node in AOT.

output menu items merely refer to display of a link inside content pane, routing you to an ssrs report and nothing more

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Sohaib,

Thanks for your quick answer.

If i understand correctly, when i set table permissions under the SSRS Report -> Permissions node and then give the role/duty access to the output menu item with a privilege, i wouldnt have to add all the tables to the role's table permissions?

In other words, the menu item will also give access to all the SSRS table permissions implicitly?

Was this reply helpful? Yes No
Verified answer

Sohaib Cheema 49,438 User Group Leader on at

Like (1)

Report

yes correct. you can also add permission of related class(RDP usually), by dragging it under report.

Have a look following screenshot taken from a standard/existing report

if you will right click every table, available under the report tree node, you can set permission level such as Read, delete etc. Typically this is set to Read because in reporting a user is supposed to read data.

Similarly a user should also have rights to execute RDP class or any class related to reporting, which may have an entry point.

Summarizing it we can say that we drag all related permissions within the report tree node, so that by just assignment of output menu item, user can access report. Though sometimes you may need to do extra efforts in certain/specific scenarios

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Great answer!

Wonder where this is documented :-)

Was this reply helpful? Yes No
Sohaib Cheema 49,438 User Group Leader on at

Like (0)

Report

Hi Tim,

you can find such information on MSDN and TechNet.

here you go with this URL

Was this reply helpful? Yes No