I am using JasperReports Server 6.2.x to create reports and Dashboards. I am a Jasper user "A" having ROLE_USER ACCESS. I have created new report(in user level only) named "Y" based on my existing report "X" with Input given. The "Y" report should be visible to only the User "A" not the other jasper users. i.e. The Report which i have created and saved newly based on existing reports should be visible only to me.
How to achieve this in JR Server 6.2?
For every group you need additionally add another ROLE, e.g. ROLE_Nagarajan. Then add the role to your (and only your) user.
NOTE: Do not remove the standard role ROLE_USER on the user which gets the new role. It is needed for the server to work properly.
On the newly created report, deny any access from ROLE_USER and allow access from ROLE_Nagarajan.
Now only the user assigned to this role can see and access the newly created report.
If working with folders, you can assign those rights to a folder. Then everything stored in the folder will be only accessible by you.
Related
I want to add a field on Lead Form that will contain a dropdown list/Lookup of my account's Active directory ?
Assuming that everyone is active directory is also a CRM user, then add a lookup on the lead form to the user entity.
I am developing an application in Asp.net using Active Directory to authenticate users. I have been asked to create a timesheet and project management application. The application should allow managers to; select a user,assign a task and show their personal information.
To do this I will need to connect to one of their databases that holds all the relevant data.
What I have done so far is create a modal with a dropdownlist and a connection string to the database needed. The dropdownlist allows you to select a name,a task, task department and task description. I would like it to bind the selected data into a second grid view on their personal profile page.
My problem is that it needs to match the username stored in Active directory when they login, to the name selected from the database in the dropdownlist.
I am lost on how this can be done, I really hope that this makes sense I may have got lost in the woods on this!! I am new to AD.
Attached Image gives you an idea on the dropdownlist and data to bind to the gridview
I am having some trouble creating a new SQL user in SQL Server 2008 R2. When I use SQL Server Management Studio it checks db_owner role membership by default. I just want to create a new sql user with read only access. Even with the following raw SQL it still creates the user with db_owner level permission.
<!-- language: lang-sql -->
CREATE LOGIN readonlyuser
WITH PASSWORD = '12345',CHECK_POLICY = OFF, DEFAULT_DATABASE=mydatabase
GO
USE mydatabase
GO
CREATE USER readonlyuser FOR LOGIN readonlyuser
GO
EXEC sp_addrolemember 'db_datareader', 'readonlyuser'
Now if I log on to SQL Server Management Studio with newly created user I can basically access any table and modify any data any way that I want. This is exactly what I not want to do. I want only to be read data and not to modify any data
Strange thing is if I look at the roles for database the readonlyuser is inside db_datareader and not in db_owner.
So why is SQL creating this user with db_owner level permissions, thus allowing the user to modify data?
Update 2013/08/07
This seems to be happening with just one specific database. I created brand new database and created bunch of tables and then ran the same script above and it is working perfectly fine. But if i try with the actual database where i need this change, it doesn't work like that. It created the user and gave way too much permission.
Is there anything that i can check on that database? Please note that specific database was not designed by me. It is from a 3rd party vendor. So not sure exactly what modifications they might have done.
Any help is greatly appreciated.
I ran into the same issue.
The solution: sp_changedbowner. That fixed it. (Somehow the owner was corrupted)
I don't see any problem in query. And it worked as expected when i tested it. Just for confirmation, verify if user is properly mapped to required database (mydatabase) and db_datareader is selected from user property window.
I found that this happens to me when adding logins to databases that I restored to a new server. In the Files tab of the database's properties, the owner field is blank, even though it lists a user in the General tab. If I populate the owner field with a valid login, then the problem is resolved: new logins don't have "db_owner" checked by default.
To expand on Greg's comment, this probably happens when the restored database was owned on the source server by a login that's not present on the current (the destination) server. The info on the General tab is the original owner (on the source server), which cannot be reflected on the Files tab, since that logion is missing on the current server. In a certain sense this is an "orphaned database" then.
I am working to deploy a reporting solution using SSRS and PerformancePoint. I have 4 databases I have pull from. 3 I have full control over the other I only have an additional domain account that has access to SQL with read only permissions, this is the only option due to the security agreement for this database.
I cannot for the life of me figure out how to publish a report using the domain account protected data. I have tried every combination of authentication I could find on google for the dataset but it just will not work.
Ideas?
My understanding is that you are not combining data from 4 different servers as your data source in this report, correct?
Then, In ReportManager - go to report properties - i.e. right-click on your report and then left-click on Manage from the dropdown menu. Then choose Data Source tab - it will have the following option:
A custom data source
Data source type: Microsoft SQL Server
Connection string: Data Source=YOUR.SERVER.IP.ADDRESS;Initial Catalog=YOUR_DATABASE_NAME
Then choose: Connect using: Credentials stored securely in the report server
You can enter your domain username and password there: e.g.
User name: SOMEDOMAIN\MyUser.Name
Password: MyPa$$wo%d
Then checkmark: Use as Windows credentials when connecting to the data source
You may need to checkmark this one too: Impersonate the authenticated user after a connection has been made to the data source
This will store your login/password combination securely on the server and will allow the report to connect to your datasource.
You can also do this for a shared datasource.
Otherwise, If you're trying to combine data from your 3 servers and 1 additional where you have read-only access only, I would recommend to:
create a linked server entry on one of your servers pointing to that 1 read-only server, and may be two more for the two other servers
create stored procedures that would provide datasets for your report gathering data from the other 3 servers as needed - this way you'd only need 1 datasource on the reportserver
Does this answer your question?
I've just set up SSRS for my office. Some users need to be able to run Report Builder. I've created an AD global group and used Report Manager to assign Report Builder privileges to that group.
I've verified that the Report Builder configuration on SSRS is correct.
Even after these users are assigned to the Report Builder role, the link for Report Builder does not show up when they login to Report Manager.
I've tried having them download Report Builder by providing them the link directly; when they download it and try and execute a report, there is a message saying that the user does not have permissions for this (despite the fact that I've explicitly given them permissions earlier).
The only users who CAN actually run ReportBuilder when assigned that role are Local Admins or Domain Admins.
It isn't realistic for me to assign Local Admin privileges for anyone who wants to do ad-hoc reporting. I must be missing something. Is there a folder these users need access to on the file system? Or perhaps something else I'm overlooking?
I had to ensure that the user who needed access to report builder had the privledge to the "Execute report definitions" task at the system level. I did this by creating a new system role (I named it "System Report Builder Access") and enabling just that one task. I then applied the role to the necessary user.
Hope that helps..