I am working to deploy a reporting solution using SSRS and PerformancePoint. I have 4 databases I have pull from. 3 I have full control over the other I only have an additional domain account that has access to SQL with read only permissions, this is the only option due to the security agreement for this database.
I cannot for the life of me figure out how to publish a report using the domain account protected data. I have tried every combination of authentication I could find on google for the dataset but it just will not work.
Ideas?
My understanding is that you are not combining data from 4 different servers as your data source in this report, correct?
Then, In ReportManager - go to report properties - i.e. right-click on your report and then left-click on Manage from the dropdown menu. Then choose Data Source tab - it will have the following option:
A custom data source
Data source type: Microsoft SQL Server
Connection string: Data Source=YOUR.SERVER.IP.ADDRESS;Initial Catalog=YOUR_DATABASE_NAME
Then choose: Connect using: Credentials stored securely in the report server
You can enter your domain username and password there: e.g.
User name: SOMEDOMAIN\MyUser.Name
Password: MyPa$$wo%d
Then checkmark: Use as Windows credentials when connecting to the data source
You may need to checkmark this one too: Impersonate the authenticated user after a connection has been made to the data source
This will store your login/password combination securely on the server and will allow the report to connect to your datasource.
You can also do this for a shared datasource.
Otherwise, If you're trying to combine data from your 3 servers and 1 additional where you have read-only access only, I would recommend to:
create a linked server entry on one of your servers pointing to that 1 read-only server, and may be two more for the two other servers
create stored procedures that would provide datasets for your report gathering data from the other 3 servers as needed - this way you'd only need 1 datasource on the reportserver
Does this answer your question?
Related
I've been searching everywhere but it seems as nobody has my problem. I recently created an Azure SQL Database and I have not had luck at all with figuring out what to do with the error 18456. I Many times I've seen the "Just right click the database and go to properties and security" but there is no security. In fact there seem to be a lot of things I don't have when I right click. I barely know anything about any of this though, so I've tried quite a few things. At one point I thought I needed to use the sample adventure works. but that wasn't it. So I'd be really grateful if anyone helped.
[SSMS Version: 16.4.1]
[Azure SQL Database: Server Version 12]
Picture of my properties menu in SSMS(SQL Server Management Studio)
]
Picture of my right click
]
Your error is common, but the way you solve it on-premise or using virtual machines (Infrastructure-as-a-Service, IaaS) is different than how you would solve it for Windows Azure SQL Database (WASD). WASD is a Platform-as-a-Service version of SQL Server. The SQL Instance is logical, so you have to change some of your thought processes. One of the chief ways you'll need to change your thought processes is in how you manage your SQL Databases.
When you're in WASD and you create a database, you're asked to create an administrative username and password. Using that account you can deploy the schema of your database as well as SQL Authenticated Users and permissions. You don't have permission to change the instance's authentication types, that's why you don't see an option for security when you right-click on the instance name and choose properties.
The following steps are how you would create a new LOGIN to allow this new user to authenticate to the virtual instance. After you've created a LOGIN, you then need to create a database USER for this LOGIN. With this USER, you can then assign permissions for what this USER can and cannot do.
Adding Logins for your Windows Azure SQL Database
A few notes before we get started. In the following code anything in angle brackets (< and >) mean this is a variable you can change. So would be the username you want to create for your Entity-Framework application. would be the password you want to use for your .
Use your administrative credentials to connect to your instance. This account has permissions to control everything about your database. When you connect, you should find that by default you've connected to the master database on that instance. If not, use the drop-down at the top of SSMS to change to master. "USE master" will not work.
From this connection, the following T-SQL will create your Entity-Framework's username and password.
CREATE LOGIN [<username>] WITH PASSWORD = '<password>';
At this point, if you were to try and connect to the virtual instance with this and , you could connect to your virtual instance, but not any database on this virtual instance. Your error message would say something like:
The server principal "" is not able to access the database
"" under the current security context....
You need to take at least one more step before this user can connect to your user database.
Now, from that same SSMS script window, change the database to the user database () you're granting access to. This will be the database you want your Entity-Framework application to use. Remember, use the drop-down at the top.
First we will create a database user for the login created in the previous step.
CREATE USER [<username>] FOR LOGIN <username>
Then, we will allow this to connect to your user database , the database you want the Entity-Framework application to use.
GRANT CONNECT TO [<username>]
At this point, your new username can log in to the virtual instance and connect to your user database.
Now, you will need to add any other permissions this user will need. For example, if your will only need read permissions, you could get away with adding the user to the db_datareader database role. Add those permissions now.
Special note about connection and connection strings
Your user is now setup to connect to your user database. That means in SSMS if you try and connect with your Entity-Framework user, there is an extra step to your connection dialog box. Before you click Connect, you have to hit the Options button.
Since your user cannot hit master, you have to tell SSMS you want to connect to the user database first and avoid hitting master. By default, SSMS will try to connect to your SQL instance's master database first.
You have to enter the name of the database in the "connect to database" entry. After you've entered the database, you can then hit connect.
I'll guess that in your application it already had the "Default Catalog=" value set to your user database, and you were able to connect. Setting this value in options is like setting that "Default Catalog=" value.
I hope this helps you in breaking into WASD a little more.
EDITS: attempting to add clarity to the differences between IaaS SQL Server instances and PaaS Windows Azure SQL Database. I previously missed the FOR LOGIN clause on the CREATE USER statement.
I am a beginner with SQL so I struggle with the MSDN description for creating a linked server in Management Studio.
I whant to link a SQL Server into another to use everything from ServerB on ServerA to e.g. provide one location other systems can connect to.
Both servers are in the same domain and both server have several databases inside.
When I start creating a linked server on ServerA in the general tap I select a name for the linked server and select SQL Server as Server type.
But I struggle on the Security tap. I have on both servers sa privilege so what is to set here?
Or which role should I take/crate for this connection?
My plan is to create views in a certain DB on ServerA with has also content of ServerB inside.
This views will be conusumed from an certain AD service user.
I already added this service user to the security on ServerA where the views are stored.
Do I also have to add this user somewhere on the linked ServerB?
I would recommend that you use Windows Authentication. Activate Security Delegation.
In the Security tab, choose "Add". Select your Windows user and check "Impersonate".
As a quick and dirty solution, you can choose "Be made using this security context" from the options list and enter a SQL Login which is valid on the remote server. Since quick and dirty solutions tend to last, i would strongly recommend to spend some time on impersonation.
In Server Objects => right click New Linked Server
2. The “New Linked Server” Dialog appears. (see below).
3. For “Server Type” make sure “Other Data Source” is selected. (The
SQL Server option will force you to specify the literal SQL Server
Name)
Type in a friendly name that describes your linked server (without spaces). – Select “Microsoft OLE DB Provider for SQL Server”
Product Name – type: SQLSERVER (with no spaces)
Datasource – type the actual server name, and instance name using this convention: SERVERNAMEINSTANCENAME
ProviderString – Blank
Catalog – Optional (If entered use the default database you will be using)
Prior to exiting, continue to the next section (defining security)
Click OK, and the new linked server is created
The easiest way would be to specify to make the connection using the current context, i.e. the user loging on to ServerA:
EXEC master.dbo.sp_addlinkedserver #server = N'ServerB', #srvproduct=N'SQL Server'
EXEC master.dbo.sp_addlinkedsrvlogin #rmtsrvname=N'ServerB',#useself=N'True',#locallogin=NULL,#rmtuser=NULL,#rmtpassword=NULL
This however assumes that users accessing the linked server connection have the correct privileges on ServerB (part 2 of your question) - otherwise you'd need to use impersonation as described by Martin K.
I'm trying to create a Penaho Dashboard using CDE and I have problems accessing my Data.
I have found tutorials but they always use SampleData or Steel Wheels. I have managed to do that myself, but I need to access my own database.
I was able to connect with my oracle database from the Data Source manager and created my own Data Source. But now I don't know how to access those tables from CDE. If I chose "sql datasource" I see the SampleData datasource and can do queries on it, but not the one I created with my database.
So, once I create a connection with my orcale database, how do I access my tables from CDE?
Thanks
There are two options:
SQL over JDBC: you define the db host, port, name, username and password;
SQL over JNDI: it'll use a registered JNDI from the Pentaho platform.
The JNDI field is an auto-complete field and fills in the various available options. However, if your newly created connection doesn't show up there, don't worry. Just type it in, it'll work.
you have to setup your data-source..
Click on datasources-panel on right corner
Click on sql Queries from the list you have seen on left side.
then click on sql over sqljndi
now here in properties in jndi set your database connection you want to access.
you can-not see the out-put of particular query in CDE for that open the same file in CDA for checking particular query's result(which you can find under files section).
We have an ASP .NET MVC web application that links to some SQL Server Reporting Services reports. Our web application uses one database for the morning (let's call this the "AM database") and a different database for the afternoon/night ("PM database").
We have a SQL Server Agent job set up that switches the connection string for the web application from the AM database to the PM database (or vice-versa) on a schedule. It works by copying/replacing the MVC application's Web.config file with the appropriate AM/PM version. This works as intended.
However, the reports will remain pointed to whichever database they were using previously, unless the data source is manually changed through SSRS. These reports need to be updated to point to the same database as the MVC web app.
How can I automate this process (preferably through SQL Server Agent)? We need the reports to change their database connection on a regular interval.
This works for embedded connections I am not sure about shared data source references. Just add two parameters to your report for database name and database server name. You could also use codes or mask the names if you prefer not so send this info over the wire.
In your embedded data set add the following as your connectionstring
expression:="Data Source="+Parameters!DatabaseServerName.Value+";Initial Catalog="&Parameters!DatabaseName.Value
Next, add a defined user for your credentials then all you need to do is pass in the two params for each report from your application.
NOTE: You need to add your defaults when designing to a server that is accessible.
I am new to SSRS and have deployed several reports. When I force windows authentication, everything works fine, but when I do this:
I am getting this error:
An error has occurred during report processing. (rsProcessingAborted)
Query execution failed for dataset 'DataSet1'.
(rsErrorExecutingCommand) Login failed for user 'DWH_Reporting_User'.
I've configured the DWH_Reporting_User like this:
here are the details on DWH_Reporting_User for the ReportServer database:
here is the security on the server:
when i try to set security for that specific folder:
i am getting this error msg:
is there something obviously wrong with the way I've configured things?
The answer to this question was a series of comments. I went ahead and put it in the chat as well as an answer.
Go to the security of the server not the database and map the user to that database.
Can you recycle the application pool on the server where reporting services is running? Or reboot the IIS server if possible.
Another thing that comes to mind, when you launch this report it goes into the report server "Portal". Does this user have access to the actual report to view it? Click the details section of this "Portal" and assign this user as a content manager role.
DWH_REPORTING_USER is this an admin account on your domain?
Local admin on the server, so did you grant \COMPUTER_NAME\DWH_Reporting_User rights as a content manager in the roles section? Why dont you use a domain admin account?
So how do you access the actual report - that is your issue.
Do me a favor aprem, write up a stored procedure or sql query in the first tab of reporting services and run it using that user. Meaning in the shared data source it should be using this user DWH_Reporting_user. Test the connection then write a small sql statement to retrieve some data. Run the SQL script from within RS do you see any data?
#Aprem look at the three tabs at the top of rs, its the first tab to define datasets, this is where you can create an SQL query (and run it using the red exclamation mark). – JonH 20 mins ago
i defined a new dataset as "select top 1000 * from mytable", i rebuilt the project, deployed it, and now what do id o? – Артём Царионов 16 mins ago
In the "Shared Datasets" you have a dataset right? Double click on it and go to "Query Designer" it is a button on this form. Click on it and "Execute" the query (red exclamation mark). You dont need to deploy it right now, just do it on a test machine.ago
You specify the user in the datasource section "Shared Data Sources", that account is the account being used to "pull" the data. You really need to experiement with RS some more or read some material on it. This is as basic as it gets.
*Ok aprem do you understand your issue now, the user you are using to get the data has no issues, in addition, it is functioning correctly. Now you have to view the report. To view the report is to view the webpage, and to view a web page means you need to either use "Anon" access or windows authentication. So you need a domain or local WINDOWS account to view the report. This account needs to be setup on the RS portal as a content manager role. *
You are dealing with two beasts, one is the database (db server) and one is IIS (web server) each serve a specific purpose. The database serves to allow you to pull data while the web server hosts the pages.
The reportserver database is very important, it keeps a listing of all your reports and the meta data associated with your reports in the database. It also stores job ids and subscriptions associated with your reports. Basically it is the backend database for all reporting services stuff like reports, datasets, and datasources. Think of it this way when you create a new "Report Project" you are allowed to create reports, datasets, and datasources. Without the reportserver database how would the system remember your datasets, datasources, and report names? It is the heart of rs.
your data set is not used to connect to the reporting services databse, it is used to connect to the database you are getting the data to display on your report.
Does that user exist on the database the report is accessing?