Showing posts with label view. Show all posts
Showing posts with label view. Show all posts

Thursday, March 29, 2012

End User can access entire data without any cube roles

Hi Experts,

I have a report model on top of a cube. I had set a role for an end user to view some specific data which was not working, i then deleted the role from the cube. The end user can still see the entire set of data. Have anyone faced this scenario. The security doesnt seem to work at all.

Please advise.

Regards

Neeraj

Hi Neeraj,

Do you have Kerberos authentication set up? If not, and if Analysis Services is not running on the Report Server, the Report Server is likely using a fixed ID (not the end-user ID) to access Analysis Services - you could confirm the ID by tracing the login to Analysis Services in SQL Profiler.

Posted by symbo at 10:02 PM 0 comments
Labels: , , , , , , , , , , , , , , , , ,

Thursday, March 22, 2012

Encryption

Here is my goal please let me know if it is possible.

I have installed sql express on clients machines. I don't want them to be able to view the sp's or the functions. I would like to go as far as not allowing them to see the tables. I tried with encrption but this is still breakable by the user using the DAC.

Thanks

Will the users have be in the sysadmin role on their servers?

If so, there is little you can do, for sysadmin has full access to everything. You can use WITH ENCRYPTION when you create Stored Procedures and FUNCTIONs, and the IP will be somewhat 'safe' from prying eyes. (Just be sure to keep a copy of the code saved somewhere in case you ever have to make changes.)

|||

Ya only problem is if the user wants to they could use DAC to access the encrypted sp's.

My application will be downloaded via Click Once it will install sql express on the users machine if they don't already have it installed. So there is really nothing that I can do to the physicall machine.

Is there a way to hide DSQL from profiler? I was thinking if I made it all DSQL and hide it from profiler I would be ok then.

|||

Any code that executes on SQL Server will be viewable with Profiler -including dynamic sql.

If the client owns the database (that is, sysadmin role), guess what, they 'own' the database, and there is little you can do about it.

|||

Is it possible to disable the sysadmin role if I am installing a new instance of sql express?

|||No, you cannot, and do NOT want to disable the sysadmin role.|||

Why not? If i disable the sysadmin role then there would be no way for them to view the sp's or functions.

|||

Hi Jonathan,

You can't remove the built-in security roles. Besides, SQL Server depends upon the SysAdmin role to do many things; upgrade the instance, manage the server, etc. If you remove it, you will break the server. No matter what you do with the server security elements, the data file can always be moved to a different server where the user does have rights.

There are a few things you can do:

You can use the WITH ENCRYPTION command when you create objects to help obscure your sources. You can encrypt the actual data in your database to protect that. You can license/copywrite your application, including the data structures so that if anyone steals them you can seek a legal settlement. (To be honest, this is probably the most important thing you can do to protect you IP, but most people don't do this.)|||

"You can license/copywrite your application" This is a very good point and something that I will look into for sure.

What about doing CLR sp's?

Is there a easy way for those to be decrypted/cracked?


Thanks

|||

You 'could' use an obfuscator to 'hide' the CLR code -but you are introducting an additional element of 'slowness' to the performance equation. As well as additional barriers to code maintenance/upgrades.

Is it really worth it?

Sell you product with the full protection of IP/Copyright laws, sell only to reputable clients (ones that have something at risk should you ever need to litigate), and realize that someone else may come up with the exact same code solution you did. Would you want to have to 'vet' all of your code to make sure someone else hasn't done it before?

That's life -we protect ourselves the best we can, hope that there is such a thing as 'karma', and move on.

|||

I concure with Arnie regarding CLR objects, they are not a security measure. CLR Stored Procedures are there to address certain types of operations that are better performed using a procedural language, or that are not possible using T-SQL. They are very powerful, but there is a trade-off (there always is). In that they don't necesarily perform as well as T-SQL for standard data operations because they introduce extra layers.

You'll introduce new problems into your programming if you try to go down the CLR route as a way to "secure" you code. Once that happens, you spend a bunch of time and money solving the wrong problems. For what it's worth, I see these needs your bringing up and we're talking about ways to meet the need to offer better protection over IP in the client scenario in a future release of SQL Server.

Mike

|||

Is it possible to disable the DAC?

|||

Actually, DAC is disabled in SQL Express by default, but there is no way to prevent DAC from being enabled and used by someone with the appropriate permissions on you computer.

Mike

|||

What about using SQL Compact and embedding the sql database?

What issues would i have with security with this.

Also what is the max db size and are indexes supported?

|||

There is a forum dedicated to SQL Compact Edition, so you should direct your specific questions to that forum. You may also want to read the information available about SQLce on MSDN, start at http://msdn2.microsoft.com/en-us/sql/bb204609.aspx. Right now SQLce has the same db size limit as SQL Express, 4 GB. The security model is different, you can specify a single password for the entire file and that password must be supplied in order to access the file. When you password protect the database file, it is encrypted, but I'm not sure what level of encryption is used. I believe they support a subset of the same types of indexes available in SQL Server.

Mike

sql
Posted by symbo at 11:37 PM 0 comments
Labels: , , , , , , , , , , , ,

Encryption

Here is my goal please let me know if it is possible.

I have installed sql express on clients machines. I don't want them to be able to view the sp's or the functions. I would like to go as far as not allowing them to see the tables. I tried with encrption but this is still breakable by the user using the DAC.

Thanks

Will the users have be in the sysadmin role on their servers?

If so, there is little you can do, for sysadmin has full access to everything. You can use WITH ENCRYPTION when you create Stored Procedures and FUNCTIONs, and the IP will be somewhat 'safe' from prying eyes. (Just be sure to keep a copy of the code saved somewhere in case you ever have to make changes.)

|||

Ya only problem is if the user wants to they could use DAC to access the encrypted sp's.

My application will be downloaded via Click Once it will install sql express on the users machine if they don't already have it installed. So there is really nothing that I can do to the physicall machine.

Is there a way to hide DSQL from profiler? I was thinking if I made it all DSQL and hide it from profiler I would be ok then.

|||

Any code that executes on SQL Server will be viewable with Profiler -including dynamic sql.

If the client owns the database (that is, sysadmin role), guess what, they 'own' the database, and there is little you can do about it.

|||

Is it possible to disable the sysadmin role if I am installing a new instance of sql express?

|||No, you cannot, and do NOT want to disable the sysadmin role.|||

Why not? If i disable the sysadmin role then there would be no way for them to view the sp's or functions.

|||

Hi Jonathan,

You can't remove the built-in security roles. Besides, SQL Server depends upon the SysAdmin role to do many things; upgrade the instance, manage the server, etc. If you remove it, you will break the server. No matter what you do with the server security elements, the data file can always be moved to a different server where the user does have rights.

There are a few things you can do:

You can use the WITH ENCRYPTION command when you create objects to help obscure your sources. You can encrypt the actual data in your database to protect that. You can license/copywrite your application, including the data structures so that if anyone steals them you can seek a legal settlement. (To be honest, this is probably the most important thing you can do to protect you IP, but most people don't do this.)|||

"You can license/copywrite your application" This is a very good point and something that I will look into for sure.

What about doing CLR sp's?

Is there a easy way for those to be decrypted/cracked?


Thanks

|||

You 'could' use an obfuscator to 'hide' the CLR code -but you are introducting an additional element of 'slowness' to the performance equation. As well as additional barriers to code maintenance/upgrades.

Is it really worth it?

Sell you product with the full protection of IP/Copyright laws, sell only to reputable clients (ones that have something at risk should you ever need to litigate), and realize that someone else may come up with the exact same code solution you did. Would you want to have to 'vet' all of your code to make sure someone else hasn't done it before?

That's life -we protect ourselves the best we can, hope that there is such a thing as 'karma', and move on.

|||

I concure with Arnie regarding CLR objects, they are not a security measure. CLR Stored Procedures are there to address certain types of operations that are better performed using a procedural language, or that are not possible using T-SQL. They are very powerful, but there is a trade-off (there always is). In that they don't necesarily perform as well as T-SQL for standard data operations because they introduce extra layers.

You'll introduce new problems into your programming if you try to go down the CLR route as a way to "secure" you code. Once that happens, you spend a bunch of time and money solving the wrong problems. For what it's worth, I see these needs your bringing up and we're talking about ways to meet the need to offer better protection over IP in the client scenario in a future release of SQL Server.

Mike

|||

Is it possible to disable the DAC?

|||

Actually, DAC is disabled in SQL Express by default, but there is no way to prevent DAC from being enabled and used by someone with the appropriate permissions on you computer.

Mike

|||

What about using SQL Compact and embedding the sql database?

What issues would i have with security with this.

Also what is the max db size and are indexes supported?

|||

There is a forum dedicated to SQL Compact Edition, so you should direct your specific questions to that forum. You may also want to read the information available about SQLce on MSDN, start at http://msdn2.microsoft.com/en-us/sql/bb204609.aspx. Right now SQLce has the same db size limit as SQL Express, 4 GB. The security model is different, you can specify a single password for the entire file and that password must be supplied in order to access the file. When you password protect the database file, it is encrypted, but I'm not sure what level of encryption is used. I believe they support a subset of the same types of indexes available in SQL Server.

Mike

Posted by symbo at 11:37 PM 0 comments
Labels: , , , , , , , , , , , ,

Monday, March 19, 2012

Encrypting a column

Is it possible to have a column in a table stored encrypted but the end
user view the data decrypted?
I'm thinking of a way of having the data remain secure if a copy of the
database or its contents is taken off site.
Any hints appreciated.
RD.
NO. See "Using Encryption Methods" in BOL.
hth
Quentin
"RD" <nospam@.nospam.net> wrote in message
news:%23n8zKy1dFHA.580@.TK2MSFTNGP15.phx.gbl...
> Is it possible to have a column in a table stored encrypted but the end
> user view the data decrypted?
> I'm thinking of a way of having the data remain secure if a copy of the
> database or its contents is taken off site.
> Any hints appreciated.
> RD.
>
|||you'd have to build logic to do this
it aint built in to SQL
Greg Jackson
PDX, Oregon
Posted by symbo at 9:42 AM 0 comments
Labels: , , , , , , , , , , , , ,

Encrypting a column

Is it possible to have a column in a table stored encrypted but the end
user view the data decrypted?
I'm thinking of a way of having the data remain secure if a copy of the
database or its contents is taken off site.
Any hints appreciated.
RD.NO. See "Using Encryption Methods" in BOL.
hth
Quentin
"RD" <nospam@.nospam.net> wrote in message
news:%23n8zKy1dFHA.580@.TK2MSFTNGP15.phx.gbl...
> Is it possible to have a column in a table stored encrypted but the end
> user view the data decrypted?
> I'm thinking of a way of having the data remain secure if a copy of the
> database or its contents is taken off site.
> Any hints appreciated.
> RD.
>|||you'd have to build logic to do this
it aint built in to SQL
Greg Jackson
PDX, Oregon
Posted by symbo at 9:40 AM 0 comments
Labels: , , , , , , , , , , , , ,

Encrypting a column

Is it possible to have a column in a table stored encrypted but the end
user view the data decrypted?
I'm thinking of a way of having the data remain secure if a copy of the
database or its contents is taken off site.
Any hints appreciated.
RD.NO. See "Using Encryption Methods" in BOL.
hth
Quentin
"RD" <nospam@.nospam.net> wrote in message
news:%23n8zKy1dFHA.580@.TK2MSFTNGP15.phx.gbl...
> Is it possible to have a column in a table stored encrypted but the end
> user view the data decrypted?
> I'm thinking of a way of having the data remain secure if a copy of the
> database or its contents is taken off site.
> Any hints appreciated.
> RD.
>|||you'd have to build logic to do this
it aint built in to SQL
Greg Jackson
PDX, Oregon
Posted by symbo at 9:39 AM 0 comments
Labels: , , , , , , , , , , , , ,

Encrypted Store Procedure

Yesterday, I would like to test the Encrypted Store
Procedure with the opinion "ENCRYPTION". After appling the
opinion, I found I can't view the source code of the Store
Procedure.
How can I review the source code of the Stroe Procedure Or
edit it? It is very emergent.Look here:
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=505&lngW
Id=5
HTH, Jens Süßmeyer.
"Alistair" <alistair.wang@.corp.elong.com> schrieb im Newsbeitrag
news:03d001c3781d$c53cd9b0$a301280a@.phx.gbl...
> Yesterday, I would like to test the Encrypted Store
> Procedure with the opinion "ENCRYPTION". After appling the
> opinion, I found I can't view the source code of the Store
> Procedure.
> How can I review the source code of the Stroe Procedure Or
> edit it? It is very emergent.|||To add to the response by Jens, it's a good practice to keep your DDL
scripts in a source control system. This ensures you always have a copy
and versioning capabilities as well.
--
Hope this helps.
Dan Guzman
SQL Server MVP
--
SQL FAQ links (courtesy Neil Pike):
http://www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
http://www.sqlserverfaq.com
http://www.mssqlserver.com/faq
--
"Alistair" <alistair.wang@.corp.elong.com> wrote in message
news:03d001c3781d$c53cd9b0$a301280a@.phx.gbl...
> Yesterday, I would like to test the Encrypted Store
> Procedure with the opinion "ENCRYPTION". After appling the
> opinion, I found I can't view the source code of the Store
> Procedure.
> How can I review the source code of the Stroe Procedure Or
> edit it? It is very emergent.
Posted by symbo at 9:31 AM 0 comments
Labels: , , , , , , , , , , , ,

Wednesday, March 7, 2012

Encapsulate encryption with an UDF and a view

I have a table that has an encrypted account number column. In order to give users access to the data BUT not access to the symmetric key used to encrypt the data, I'm trying to implement the following:

Create an UDF that opens the symmetric key, call the EncryptByKey function, and close the symmetric key
Create a view on the table containing decrypted account numbers
Grant users select permission on the view

However, I got an error when trying to add 'open symmetric key' statement to the UDF:

Msg 443, Level 16, State 14, Procedure fn_DecyptAcctNum, Line 7
Invalid use of side-effecting or time-dependent operator in 'OPEN SYMMETRIC KEY' within a function.

Has anyone else had the same problem OR is there another way that I can limit users' access to the keys?

Thanks!

You cannot use OPEN SYMMETRIC KEY and CLOSE SYMMETRIC KEY in a UDF because they change the state of the openkeys catalog (this is the side-effect from the message).

But if you only want to give users access to data, a view that performs the decryption should be sufficient; there is no need to encapsulate the encryption in a UDF, unless you want to do more than limiting access to the data.

Thanks
Laurentiu|||Laurentiu, Thanks for your help on this!

However, I'm still not sure where to put the 'open symmetric key' statement since it is required to make both EncryptByKey and DecryptByKey work. Let me give you a scenario:

A user wants to lookup the account ID for an account number

The application calls a stored procedure sp_AccountNumberLookup:
sp validates the passed in account number
sp selects from the view (with decrypted account number using UDF)
sp returns the account ID if found

Without having the 'open key' statement before 'select from view', the decrypted account number returns NULL. If I put the 'open key' statement in the sp and give the user exec perm to the sp, then the user would have access to keys as well.

Thanks again for your time!
|||You should create your view using one of the "auto" decrypt builtins, as shown in the example from: http://blogs.msdn.com/lcris/archive/2005/06/10/428178.aspx - check view v_employees_auto. You'll need to protect your symmetric key using a certificate for this to work, but it will allow you to avoid opening the key explicitly.

Thanks
Laurentiu|||Your code sample is extremely helpful and I've implemented the DecryptByKeyAutoCert in the view to restrict user access to the symmetric key.

Thanks a lot, Laurentiu!

Posted by symbo at 5:17 AM 0 comments
Labels: , , , , , , , , , , , , , , , , , ,

Encapsulate encryption with an UDF and a view

I have a table that has an encrypted account number column. In order to give users access to the data BUT not access to the symmetric key used to encrypt the data, I'm trying to implement the following:

Create an UDF that opens the symmetric key, call the EncryptByKey function, and close the symmetric key
Create a view on the table containing decrypted account numbers
Grant users select permission on the view

However, I got an error when trying to add 'open symmetric key' statement to the UDF:

Msg 443, Level 16, State 14, Procedure fn_DecyptAcctNum, Line 7
Invalid use of side-effecting or time-dependent operator in 'OPEN SYMMETRIC KEY' within a function.

Has anyone else had the same problem OR is there another way that I can limit users' access to the keys?

Thanks!

You cannot use OPEN SYMMETRIC KEY and CLOSE SYMMETRIC KEY in a UDF because they change the state of the openkeys catalog (this is the side-effect from the message).

But if you only want to give users access to data, a view that performs the decryption should be sufficient; there is no need to encapsulate the encryption in a UDF, unless you want to do more than limiting access to the data.

Thanks
Laurentiu|||Laurentiu, Thanks for your help on this!

However, I'm still not sure where to put the 'open symmetric key' statement since it is required to make both EncryptByKey and DecryptByKey work. Let me give you a scenario:

A user wants to lookup the account ID for an account number

The application calls a stored procedure sp_AccountNumberLookup:
sp validates the passed in account number
sp selects from the view (with decrypted account number using UDF)
sp returns the account ID if found

Without having the 'open key' statement before 'select from view', the decrypted account number returns NULL. If I put the 'open key' statement in the sp and give the user exec perm to the sp, then the user would have access to keys as well.

Thanks again for your time!|||You should create your view using one of the "auto" decrypt builtins, as shown in the example from: http://blogs.msdn.com/lcris/archive/2005/06/10/428178.aspx - check view v_employees_auto. You'll need to protect your symmetric key using a certificate for this to work, but it will allow you to avoid opening the key explicitly.

Thanks
Laurentiu|||Your code sample is extremely helpful and I've implemented the DecryptByKeyAutoCert in the view to restrict user access to the symmetric key.

Thanks a lot, Laurentiu!

Posted by symbo at 5:17 AM 0 comments
Labels: , , , , , , , , , , , , , , , , , ,

Sunday, February 26, 2012

enabling anonymous access to reports

I'm developing an SSRS 2000 solution that will require allowing anyone in
the company to view certain reports but only a select few to create them
(while I administer the site).
I understand how to add users specifically (Windows NT logins) and assign
them roles, so I'm partway there. What I can't see is how to also enable
anonymous access, either generally or to specific reports or report folders.
If I turn anonymous access on in IIS for the Reports and/or Reportserver
folders, I lose the ability to administer the site. If I turn it off,
anonymous users can't get in. Security seems either black or white and I'm
looking for some shade of grey. I've tried numerous combinations of
settings and nothing has worked. I've added the server's IUSR account to
the SSRS solution but it didn't make any difference. Guest account is
disabled on the server.
What am I missing here? Is it an IAS problem? Note that IAS is on but not
registered in Active Directory for this server (IT is resisting enabling
that) so I hope that's not the problem here.
Thanks all,
Randall ArnoldSorry, posted to wrong group.
Randall
"Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
news:1158332929.797373@.xnews001...
> I'm developing an SSRS 2000 solution that will require allowing anyone in
> the company to view certain reports but only a select few to create them
> (while I administer the site).
> I understand how to add users specifically (Windows NT logins) and assign
> them roles, so I'm partway there. What I can't see is how to also enable
> anonymous access, either generally or to specific reports or report
> folders. If I turn anonymous access on in IIS for the Reports and/or
> Reportserver folders, I lose the ability to administer the site. If I
> turn it off, anonymous users can't get in. Security seems either black or
> white and I'm looking for some shade of grey. I've tried numerous
> combinations of settings and nothing has worked. I've added the server's
> IUSR account to the SSRS solution but it didn't make any difference.
> Guest account is disabled on the server.
> What am I missing here? Is it an IAS problem? Note that IAS is on but not
> registered in Active Directory for this server (IT is resisting enabling
> that) so I hope that's not the problem here.
> Thanks all,
> Randall Arnold
>
Posted by symbo at 9:16 PM 0 comments
Labels: , , , , , , , , , , , , , , , , , ,

enabling anonymous access to reports

I'm developing an SSRS 2000 solution that will require allowing anyone in
the company to view certain reports but only a select few to create them
(while I administer the site).
I understand how to add users specifically (Windows NT logins) and assign
them roles, so I'm partway there. What I can't see is how to also enable
anonymous access, either generally or to specific reports or report folders.
If I turn anonymous access on in IIS for the Reports and/or Reportserver
folders, I lose the ability to administer the site. If I turn it off,
anonymous users can't get in. Security seems either black or white and I'm
looking for some shade of grey. I've tried numerous combinations of
settings and nothing has worked. I've added the server's IUSR account to
the SSRS solution but it didn't make any difference. Guest account is
disabled on the server.
What am I missing here? Is it an IAS problem? Note that IAS is on but not
registered in Active Directory for this server (IT is resisting enabling
that) so I hope that's not the problem here.
Thanks all,
Randall ArnoldSorry, posted to wrong group.
Randall
"Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
news:1158332929.797373@.xnews001...
> I'm developing an SSRS 2000 solution that will require allowing anyone in
> the company to view certain reports but only a select few to create them
> (while I administer the site).
> I understand how to add users specifically (Windows NT logins) and assign
> them roles, so I'm partway there. What I can't see is how to also enable
> anonymous access, either generally or to specific reports or report
> folders. If I turn anonymous access on in IIS for the Reports and/or
> Reportserver folders, I lose the ability to administer the site. If I
> turn it off, anonymous users can't get in. Security seems either black or
> white and I'm looking for some shade of grey. I've tried numerous
> combinations of settings and nothing has worked. I've added the server's
> IUSR account to the SSRS solution but it didn't make any difference.
> Guest account is disabled on the server.
> What am I missing here? Is it an IAS problem? Note that IAS is on but not
> registered in Active Directory for this server (IT is resisting enabling
> that) so I hope that's not the problem here.
> Thanks all,
> Randall Arnold
>
Posted by symbo at 9:15 PM 0 comments
Labels: , , , , , , , , , , , , , , , , ,

enabling anonymous access to reports

I'm developing an SSRS 2000 solution that will require allowing anyone in
the company to view certain reports but only a select few to create them
(while I administer the site).
I understand how to add users specifically (Windows NT logins) and assign
them roles, so I'm partway there. What I can't see is how to also enable
anonymous access, either generally or to specific reports or report folders.
If I turn anonymous access on in IIS for the Reports and/or Reportserver
folders, I lose the ability to administer the site. If I turn it off,
anonymous users can't get in. Security seems either black or white and I'm
looking for some shade of grey. I've tried numerous combinations of
settings and nothing has worked. I've added the server's IUSR account to
the SSRS solution but it didn't make any difference. Guest account is
disabled on the server.
What am I missing here? Is it an IAS problem? Note that IAS is on but not
registered in Active Directory for this server (IT is resisting enabling
that) so I hope that's not the problem here.
Thanks all,
Randall Arnold
Sorry, posted to wrong group.
Randall
"Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
news:1158332929.797373@.xnews001...
> I'm developing an SSRS 2000 solution that will require allowing anyone in
> the company to view certain reports but only a select few to create them
> (while I administer the site).
> I understand how to add users specifically (Windows NT logins) and assign
> them roles, so I'm partway there. What I can't see is how to also enable
> anonymous access, either generally or to specific reports or report
> folders. If I turn anonymous access on in IIS for the Reports and/or
> Reportserver folders, I lose the ability to administer the site. If I
> turn it off, anonymous users can't get in. Security seems either black or
> white and I'm looking for some shade of grey. I've tried numerous
> combinations of settings and nothing has worked. I've added the server's
> IUSR account to the SSRS solution but it didn't make any difference.
> Guest account is disabled on the server.
> What am I missing here? Is it an IAS problem? Note that IAS is on but not
> registered in Active Directory for this server (IT is resisting enabling
> that) so I hope that's not the problem here.
> Thanks all,
> Randall Arnold
>
Posted by symbo at 9:15 PM 0 comments
Labels: , , , , , , , , , , , , , , , , , ,

enabling anonymous access

I'm developing an SSRS 2000 solution that will require allowing anyone in
the company to view certain reports but only a select few to create them
(while I administer the site).
I understand how to add users specifically (Windows NT logins) and assign
them roles, so I'm partway there. What I can't see is how to also enable
anonymous access, either generally or to specific reports or report folders.
If I turn anonymous access on in IIS for the Reports and/or Reportserver
folders, I lose the ability to administer the site. If I turn it off,
anonymous users can't get in. Security seems either black or white and I'm
looking for some shade of grey. I've tried numerous combinations of
settings and nothing has worked. I've added the server's IUSR account to
the SSRS solution but it didn't make any difference. Guest account is
disabled on the server.
What am I missing here? Is it an IAS problem? Note that IAS is on but not
registered in Active Directory for this server (IT is resisting enabling
that) so I hope that's not the problem here.
Thanks all,
Randall ArnoldYou don't have to do individual users. You can also use groups. Almost all
domains have a group that includes everybody (for instance a group called
Users). Just add this group to the browser roll.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
news:1158332996.554286@.xnews001...
> I'm developing an SSRS 2000 solution that will require allowing anyone in
> the company to view certain reports but only a select few to create them
> (while I administer the site).
> I understand how to add users specifically (Windows NT logins) and assign
> them roles, so I'm partway there. What I can't see is how to also enable
> anonymous access, either generally or to specific reports or report
> folders.
> If I turn anonymous access on in IIS for the Reports and/or Reportserver
> folders, I lose the ability to administer the site. If I turn it off,
> anonymous users can't get in. Security seems either black or white and
> I'm
> looking for some shade of grey. I've tried numerous combinations of
> settings and nothing has worked. I've added the server's IUSR account to
> the SSRS solution but it didn't make any difference. Guest account is
> disabled on the server.
> What am I missing here? Is it an IAS problem? Note that IAS is on but not
> registered in Active Directory for this server (IT is resisting enabling
> that) so I hope that's not the problem here.
> Thanks all,
> Randall Arnold
>
>|||We have a User group that I tried but no luck. But your general idea should
be sound so I'll keep digging, thanks.
Randall Arnold
"Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
news:eQh%23kfO2GHA.1040@.TK2MSFTNGP06.phx.gbl...
> You don't have to do individual users. You can also use groups. Almost all
> domains have a group that includes everybody (for instance a group called
> Users). Just add this group to the browser roll.
>
> --
> Bruce Loehle-Conger
> MVP SQL Server Reporting Services
> "Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
> news:1158332996.554286@.xnews001...
>> I'm developing an SSRS 2000 solution that will require allowing anyone in
>> the company to view certain reports but only a select few to create them
>> (while I administer the site).
>> I understand how to add users specifically (Windows NT logins) and assign
>> them roles, so I'm partway there. What I can't see is how to also enable
>> anonymous access, either generally or to specific reports or report
>> folders.
>> If I turn anonymous access on in IIS for the Reports and/or Reportserver
>> folders, I lose the ability to administer the site. If I turn it off,
>> anonymous users can't get in. Security seems either black or white and
>> I'm
>> looking for some shade of grey. I've tried numerous combinations of
>> settings and nothing has worked. I've added the server's IUSR account to
>> the SSRS solution but it didn't make any difference. Guest account is
>> disabled on the server.
>> What am I missing here? Is it an IAS problem? Note that IAS is on but
>> not
>> registered in Active Directory for this server (IT is resisting enabling
>> that) so I hope that's not the problem here.
>> Thanks all,
>> Randall Arnold
>>
>|||What I do that simplifies things for me is I create a local group (called
something like Reports). I then add the domain groups and users to it. I
then use this local group to add to a role.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
news:1158362815.849245@.xnews001...
> We have a User group that I tried but no luck. But your general idea
> should be sound so I'll keep digging, thanks.
> Randall Arnold
> "Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
> news:eQh%23kfO2GHA.1040@.TK2MSFTNGP06.phx.gbl...
>> You don't have to do individual users. You can also use groups. Almost
>> all domains have a group that includes everybody (for instance a group
>> called Users). Just add this group to the browser roll.
>>
>> --
>> Bruce Loehle-Conger
>> MVP SQL Server Reporting Services
>> "Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
>> news:1158332996.554286@.xnews001...
>> I'm developing an SSRS 2000 solution that will require allowing anyone
>> in
>> the company to view certain reports but only a select few to create them
>> (while I administer the site).
>> I understand how to add users specifically (Windows NT logins) and
>> assign
>> them roles, so I'm partway there. What I can't see is how to also
>> enable
>> anonymous access, either generally or to specific reports or report
>> folders.
>> If I turn anonymous access on in IIS for the Reports and/or Reportserver
>> folders, I lose the ability to administer the site. If I turn it off,
>> anonymous users can't get in. Security seems either black or white and
>> I'm
>> looking for some shade of grey. I've tried numerous combinations of
>> settings and nothing has worked. I've added the server's IUSR account
>> to
>> the SSRS solution but it didn't make any difference. Guest account is
>> disabled on the server.
>> What am I missing here? Is it an IAS problem? Note that IAS is on but
>> not
>> registered in Active Directory for this server (IT is resisting enabling
>> that) so I hope that's not the problem here.
>> Thanks all,
>> Randall Arnold
>>
>>
>
Posted by symbo at 9:15 PM 0 comments
Labels: , , , , , , , , , , , , , , , , ,

Wednesday, February 15, 2012

Empty Page problem with table

I have one table on a page and nothing else (I've deleted other stuff),
when I
render report and switch to the print view all the even number pages appear
empty but valid page number and header. How do I fix this problem?
Thank you in advance.Is the table length exceeds the page length (which is there on report
properties). then you will have this problems. Try fit your table in the
page. e.g A4 size, your table should fit inside that meansurements otherwise
it goes to multiple pages along with empty pages.
Amarnath
"JC" wrote:
> I have one table on a page and nothing else (I've deleted other stuff),
> when I
> render report and switch to the print view all the even number pages appear
> empty but valid page number and header. How do I fix this problem?
>
> Thank you in advance.
Posted by symbo at 8:55 PM 0 comments
Labels: , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)