web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / SSRS Security needed f...
Microsoft Dynamics AX (Archived)

SSRS Security needed for http://servername/reports

(0) ShareShare
ReportReport
Posted on by Community Member

Hi !

My concern is about security needed on http://servername/reports. To get reports working on Enterprise Portal, I gave Browser access for all Ax Users (Active Directory group) to Dynamics folder in http://servername/reports.

I know Enterprise Portal control security when a user log in. Even if I have the CFO role profil, the financial reports will not appear in my role page if I don't have access to this data in AX.

 But, if this same user access the report through http://servername/reports, he can run any reports and see the result !

Should I configure differently the security of my SSRS Server ?

Thank you !

*This post is locked for comments

I have the same question (0)
  • Sacha Kircev Profile Picture
    Sacha Kircev 905 on at

    Hello,

     I think that it depends on the report the user must access to. The easiest situation is when you have only

    SSRS reports built with the AX 2009 Reporting extensions (that use AX Datasources and AX Business

    logic). In that situation the data accessed will be determined by the AX user rights

    and you give access to the directory servername/reports to every AX user.

    But if you have SSRS Reports that use both AX Datasources and custom datasources

    or only custom datasources that query the database directly the rights have to be setup

    on the SSRS website for the users/user groups that use these report(s).

    In the second situation the data accessed is depending only on the access

    to the report itself so the setup is a little bit longer.

    But you can avoid this problem by embedding every report within the AX client likewise

    Microsoft did with the new AX 2009 reports (those with a * at the end of their names).

    This solution needs some X++ development but the end users don't really "know"

    the existense of the SSRS website.

    The benefit of this is that the rights are managed within AX with standard security keys.

  • Community Member Profile Picture
    Community Member on at
    Hi, Thank you for your reply. I have only SSRS reports built with the AX 2009 Reporting extensions (No custom reports or datasource). The data accessed troughs Enterprise Portal will be determined by the AX user right because SharePoint use the Business Connector. This is mean a user will not be able to see Financial reports if he is only Shop Manager. My concern is the "backdoor" http://servername/reports. Because, like you say, i will give access to the directory servername/reports to every AX user. If a the Shop Manager run a financial report from the directory servername/reports, the data will be display. Is it normal ? Maybe a did a misconfiguration of my SSRS ?
  • Sacha Kircev Profile Picture
    Sacha Kircev 905 on at

    To manage this case you will have to manually setup the access on every folder

    (or report if it's a critical or confidential report) on the SSRS website.

    In standard i'm not aware if Microsoft restricts access to the published reports/folders

    on the SSRS website.

    Regards

  • Wayne Kuo Profile Picture
    Wayne Kuo 85 on at

    Hi Mathieu, report access permissions need to be set at the report/folder level. For more information, please refer to this SSRS article. http://msdn.microsoft.com/en-us/library/ms156014.aspx

  • Community Member Profile Picture
    Community Member on at
    Thanks Wayne, As you probably know, AX default implementation deploy all reports in one folder named Dynamics AX. I guess you agree with the fact all Dynamics users must have a browse/read access to this folder and consequently all reports ?
  • Wayne Kuo Profile Picture
    Wayne Kuo 85 on at

    Hi Mathieu,

    Even though all reports are deployed, finer permission restrictions should be set on specific reports on a case by case basis. There might be some business reasons that dictate certain reports should only be be displayed to a particular user role, i.e. Salary reports should be restricted to Business Analysts, but not to CEO and Managers. That is why SSRS recommend creating user roles for permission management.

    Thanks,

    Wayne

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#1
Priya_K Profile Picture

Priya_K 4

#3
MyDynamicsNAV Profile Picture

MyDynamicsNAV 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans