I am having a problem trying to set permissions based on an Active
Directory security group account. I go to the permissions of the Home
page and add DOMAIN\Group with the Browser role. I then go to the
specific folders under Home and add the same Group to it with the
Browser role. When the user that is in that group goes to the Report
Server, they see a page with only Home and no links. If I add the
Domain Users group, then the user can see the folders. If I add just
the user, then they can see the folders. But I want to use Security
Groups to enforce permissions.
Has anyone gotten this to work? Any help is greatly appreciated.
Thanks
RickHi Rick,
I experience this often with newly created AD Groups. I find that you have
to wait a while (2-3 Hours) until the report server can recognise the new
group. Hope the solution is that simple for you as well...
Cheers
Darren
"Rick Saavedra" wrote:
> I am having a problem trying to set permissions based on an Active
> Directory security group account. I go to the permissions of the Home
> page and add DOMAIN\Group with the Browser role. I then go to the
> specific folders under Home and add the same Group to it with the
> Browser role. When the user that is in that group goes to the Report
> Server, they see a page with only Home and no links. If I add the
> Domain Users group, then the user can see the folders. If I add just
> the user, then they can see the folders. But I want to use Security
> Groups to enforce permissions.
> Has anyone gotten this to work? Any help is greatly appreciated.
> Thanks
> Rick
>
Showing posts with label based. Show all posts
Showing posts with label based. Show all posts
Wednesday, March 21, 2012
Permissions on Views vs. Tables
I am using an Access ADP (version 2003) as a front-end to a SQL Server 2000
database. Based on what I have read, I should be able to not let anybody see
the tables directly, and work everything through Views and SPs. To do this,
I
grant no permissions at all on the tables, and appropriate SELECT, INSERT,
UPDATE, and DELETE permissions on the views. However, the views in Access ar
e
still coming up as "Recordset not updatabel". Only by granting permissions o
n
the tables do the views become updatable. Worse yet, if I DENY permissions
for UPDATE etc on the views but grant them on the tables, the views are stil
l
updatable.
This seems very backwards. I thought it was supposed to take the permissions
on the View, regarless of the permissions on the table (except for DENY
permissions, of course).
--
ToddYou can specify the VIEW_METADATA option on the CREATE VIEW statement so
that APIs return metadata for the view rather than the underlying tables.
For example:
CREATE VIEW dbo.MyView
WITH VIEW_METADATA
AS
SELECT MyColumn FROM dbo.MyTable
GO
Hope this helps.
Dan Guzman
SQL Server MVP
"Todd Chittenden" <ToddChittenden@.discussions.microsoft.com> wrote in
message news:187A1C5F-5CA1-4FA2-825C-859FFCF0FC20@.microsoft.com...
>I am using an Access ADP (version 2003) as a front-end to a SQL Server 2000
> database. Based on what I have read, I should be able to not let anybody
> see
> the tables directly, and work everything through Views and SPs. To do
> this, I
> grant no permissions at all on the tables, and appropriate SELECT, INSERT,
> UPDATE, and DELETE permissions on the views. However, the views in Access
> are
> still coming up as "Recordset not updatabel". Only by granting permissions
> on
> the tables do the views become updatable. Worse yet, if I DENY permissions
> for UPDATE etc on the views but grant them on the tables, the views are
> still
> updatable.
> This seems very backwards. I thought it was supposed to take the
> permissions
> on the View, regarless of the permissions on the table (except for DENY
> permissions, of course).
> --
> Todd
database. Based on what I have read, I should be able to not let anybody see
the tables directly, and work everything through Views and SPs. To do this,
I
grant no permissions at all on the tables, and appropriate SELECT, INSERT,
UPDATE, and DELETE permissions on the views. However, the views in Access ar
e
still coming up as "Recordset not updatabel". Only by granting permissions o
n
the tables do the views become updatable. Worse yet, if I DENY permissions
for UPDATE etc on the views but grant them on the tables, the views are stil
l
updatable.
This seems very backwards. I thought it was supposed to take the permissions
on the View, regarless of the permissions on the table (except for DENY
permissions, of course).
--
ToddYou can specify the VIEW_METADATA option on the CREATE VIEW statement so
that APIs return metadata for the view rather than the underlying tables.
For example:
CREATE VIEW dbo.MyView
WITH VIEW_METADATA
AS
SELECT MyColumn FROM dbo.MyTable
GO
Hope this helps.
Dan Guzman
SQL Server MVP
"Todd Chittenden" <ToddChittenden@.discussions.microsoft.com> wrote in
message news:187A1C5F-5CA1-4FA2-825C-859FFCF0FC20@.microsoft.com...
>I am using an Access ADP (version 2003) as a front-end to a SQL Server 2000
> database. Based on what I have read, I should be able to not let anybody
> see
> the tables directly, and work everything through Views and SPs. To do
> this, I
> grant no permissions at all on the tables, and appropriate SELECT, INSERT,
> UPDATE, and DELETE permissions on the views. However, the views in Access
> are
> still coming up as "Recordset not updatabel". Only by granting permissions
> on
> the tables do the views become updatable. Worse yet, if I DENY permissions
> for UPDATE etc on the views but grant them on the tables, the views are
> still
> updatable.
> This seems very backwards. I thought it was supposed to take the
> permissions
> on the View, regarless of the permissions on the table (except for DENY
> permissions, of course).
> --
> Todd
Friday, March 9, 2012
Permissions
I'm using sql 2000 and access 2002. I've created two
groups, users and admin. I've created two forms based on
two queries, FullView and LimitedView. Each query is
based on 10 different tables and each form is meant to be
read only. The only difference between the two queries is
a few fields that contain sensitive data.
I'm trying to use Enterprise Manager to assign
permissions. I've given the user and admin groups
db_datareader and db_datawriter permissions (both groups
will need to have write permission on other tables). I've
given both groups Select, Insert and Update on each of
the Tables the queries are based on.
I've given Select permissions for the admin group on the
FullView query and denied permissions to the users group.
And I've given Select permissions to users on the
LimitedView query.
After doing this the users can access both the FullView
and LimitedView queries.
What I'm doing wrong? Also, can anyone point me to some
information on assigning permissions?
Thanks for the help,
PaulIn future, you should start a new thread for a question instead of
piggybacking on an existing thread. Many people smiply blow by
questions that have replies. Here's a good resource to help you get
started with SQL Server security:
[url]http://www.microsoft.com/sql/techinfo/administration/2000/security/default.asp[/ur
l]
The reason the users can see both views is that you've granted them
permissions to select from the base tables. Bear in mind that if you
want users to update data through the view using Access you have to
use the VIEW_METADATA syntax when creating the view.
--Mary
On Mon, 16 Aug 2004 05:31:00 -0700, "Paul Scott"
<anonymous@.discussions.microsoft.com> wrote:
>I'm using sql 2000 and access 2002. I've created two
>groups, users and admin. I've created two forms based on
>two queries, FullView and LimitedView. Each query is
>based on 10 different tables and each form is meant to be
>read only. The only difference between the two queries is
>a few fields that contain sensitive data.
>I'm trying to use Enterprise Manager to assign
>permissions. I've given the user and admin groups
>db_datareader and db_datawriter permissions (both groups
>will need to have write permission on other tables). I've
>given both groups Select, Insert and Update on each of
>the Tables the queries are based on.
>I've given Select permissions for the admin group on the
>FullView query and denied permissions to the users group.
>And I've given Select permissions to users on the
>LimitedView query.
>After doing this the users can access both the FullView
>and LimitedView queries.
>What I'm doing wrong? Also, can anyone point me to some
>information on assigning permissions?
>Thanks for the help,
>Paul
groups, users and admin. I've created two forms based on
two queries, FullView and LimitedView. Each query is
based on 10 different tables and each form is meant to be
read only. The only difference between the two queries is
a few fields that contain sensitive data.
I'm trying to use Enterprise Manager to assign
permissions. I've given the user and admin groups
db_datareader and db_datawriter permissions (both groups
will need to have write permission on other tables). I've
given both groups Select, Insert and Update on each of
the Tables the queries are based on.
I've given Select permissions for the admin group on the
FullView query and denied permissions to the users group.
And I've given Select permissions to users on the
LimitedView query.
After doing this the users can access both the FullView
and LimitedView queries.
What I'm doing wrong? Also, can anyone point me to some
information on assigning permissions?
Thanks for the help,
PaulIn future, you should start a new thread for a question instead of
piggybacking on an existing thread. Many people smiply blow by
questions that have replies. Here's a good resource to help you get
started with SQL Server security:
[url]http://www.microsoft.com/sql/techinfo/administration/2000/security/default.asp[/ur
l]
The reason the users can see both views is that you've granted them
permissions to select from the base tables. Bear in mind that if you
want users to update data through the view using Access you have to
use the VIEW_METADATA syntax when creating the view.
--Mary
On Mon, 16 Aug 2004 05:31:00 -0700, "Paul Scott"
<anonymous@.discussions.microsoft.com> wrote:
>I'm using sql 2000 and access 2002. I've created two
>groups, users and admin. I've created two forms based on
>two queries, FullView and LimitedView. Each query is
>based on 10 different tables and each form is meant to be
>read only. The only difference between the two queries is
>a few fields that contain sensitive data.
>I'm trying to use Enterprise Manager to assign
>permissions. I've given the user and admin groups
>db_datareader and db_datawriter permissions (both groups
>will need to have write permission on other tables). I've
>given both groups Select, Insert and Update on each of
>the Tables the queries are based on.
>I've given Select permissions for the admin group on the
>FullView query and denied permissions to the users group.
>And I've given Select permissions to users on the
>LimitedView query.
>After doing this the users can access both the FullView
>and LimitedView queries.
>What I'm doing wrong? Also, can anyone point me to some
>information on assigning permissions?
>Thanks for the help,
>Paul
Monday, February 20, 2012
Permission error on drillthrough
I've published a matrix type report through report builder to my report server, based on the model I created. When I click the subtotals to drillthrough, I receive the following error:
"The permissions granted to user 'Domain\userid' are insufficient for performing this operation. (rsAccessDenied)"
If I explicitly specify another report to tie to the drillthrough property on the entity via the model property page in SSMS, the drillthrough stuff works fine. But if I just rely on Reporting services to auto generate ( see "Autogenerated" here ) the clickthrough report I get the error above. Can anyone help?
Subscribe to:
Posts (Atom)