Friday, March 30, 2012

Role based security question

First Off:
SQL Server 2005 Std edit.
RS 2005
Windows Server 2003 Std edit.
Active Directory

I seem to have a unique problem with my Report Server setup. Right now when any of our users attempt to access Report Server, they are prompted for username and password. They enter their username as: domain\username and then enter their password (active directory is enabled). We have no issue with authentication, everyone can get into the server without a problem.

Where the problem lies is after login. No matter what roles I assign to any folder in report server, it seems as though everyone has administrator access to RS. For example, under Site Settings I click Configure Site-Wide Security and add the BUILTIN\Users group as System Users. After applying the change, users are still able to log in and change any system-level setting they wish to. I've tried using Domain\Domain Users and no luck. I tried adding an individual user as a System User and when logging in as them I can change any system settings I want.

Same goes for setting security on folders in RS. Right now on the Home folder I have security set so that the BUILTIN\Users group has Browser access, yet all users can edit/delete/set properties and generally just behave like admins on any items within the Home folder. I tried adding individual users and limiting their access, other active directory groups, everything but the kitchen sink and yet they are always able to behave like an admin.

The documentation states that after installation of RS, no one but the BUILTIN\Administrator account can access the server. I did not find this to be the case though, as users I had test the installation were able to access it right off the bat. In fact if I remove all groups but BUILTIN\Administrator from the Home folder, everyone can still see all of the reports without issue.

I'll be the first to admit that I am new to all of this and I am wearing many hats at the moment, but this security issue has me stumped. I've searched Google, the forums, read MSDN up and down, have several RS books and yet here I am. Can anyone shed some light on this for me?

Thanks in Advance.

EDIT - I just checked the virtual directories for Reports and ReportServer and the BUILTIN\Users group has the following access: Read, List Folder Content and Read & Execute. Could this be why I can't set role permissions in Report Server?

OMG, never mind. It seems that after some deep investigation all of the IDs I was using to access the Report Server were buried in a group that was nested in another group that was nested within the Administrators group. I got so fed up I created a new ID and logged into RS and security was working as expected. Once again I post, only to discover it is all user error. Sorry all.

J
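
The root cause described above (test accounts that were administrators only through nested groups) can be checked by walking group membership transitively. The following is an added example, not part of the original post: the group map, the `CORP\...` names and the functions `effective_members` and `explain` are all constructed for illustration, and a real check would first export the membership from Active Directory.

```python
from collections import deque

# Constructed sample directory: group -> direct members (users or groups).
# Every name here is hypothetical. A group must appear as a key (even with an
# empty list) to be recognised as a group rather than a user account.
MEMBERS = {
    r"BUILTIN\Administrators": [r"CORP\Administrator", r"CORP\IT Staff"],
    r"CORP\IT Staff": [r"CORP\Report Authors", r"CORP\alice"],
    # Circular nesting on purpose: Report Authors contains IT Staff again.
    r"CORP\Report Authors": [r"CORP\bob", r"CORP\carol", r"CORP\IT Staff"],
    r"CORP\Domain Users": [r"CORP\alice", r"CORP\bob", r"CORP\carol",
                           r"CORP\newtest"],
}


def effective_members(members, root):
    """Return {account: [root, ..., group that directly holds the account]}
    for every account that is in `root` directly or via nested groups.
    Breadth-first, so the recorded chain is the shortest one."""
    paths = {}
    seen = {root}
    queue = deque([[root]])
    while queue:
        chain = queue.popleft()
        for member in members.get(chain[-1], []):
            if member in members:            # member is itself a group
                if member not in seen:       # guard against circular nesting
                    seen.add(member)
                    queue.append(chain + [member])
            else:                            # leaf: a user account
                paths.setdefault(member, chain)
    return paths


def explain(members, root, account):
    """Describe how `account` reaches `root`, innermost group first."""
    chain = effective_members(members, root).get(account)
    if chain is None:
        return account + ": not a member of " + root
    return " -> ".join([account] + chain[::-1])


if __name__ == "__main__":
    admins = r"BUILTIN\Administrators"
    for user in sorted(MEMBERS[r"CORP\Domain Users"]):
        print(explain(MEMBERS, admins, user))
```

Accounts that print a chain ending in `BUILTIN\Administrators` will behave as administrators in Report Server regardless of the Browser or System User roles assigned to them, which is why a freshly created account with no such chain is the right one to test role assignments with.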
