SSRs permission settings

SQL Server reporting services are not specifically designed for Internet report deployment. However, you can successfully place Reporting Services on Internet-oriented web servers,
To disseminate general information to the public or confidential company data to authorized and authenticated users.

Report preparation in a company project is upgraded to SQL Server 2005, and the report system will use reporting services integrated in SQL Server 2005.
However, when I publish a report template to the IIS server and access it via the IE client via a browser, the Windows Integrated Identity Authentication Dialog Box is displayed by default.
If you select the option to allow anonymous (IUSR _ **) access in the IIS configuration, the following message is displayed when the IE client accesses the site again:
1) The user "nt authority/network service" is not authorized enough to perform this operation. (Rsaccessdenied)
2) request failed due to HTTP status 401: unauthorized. (IUSR _ ** has insufficient access permissions .)

For this problem, I solved some problems after referring to an article on msdn and the Internet (http://www.cnblogs.com/firmwolf/archive/2005/08/04/207062.html.
Solution:
In addition to setting IIS to allow anonymous access, you also need to set access permissions for the Reporting Services site and user access permissions for data sources in SQL Server.

Below I will list the steps to be done. Note that the report template created by reporting services has been correctly published to the IIS server using Visual Studio. NET 2005.

Step 1: Access http: // localhost/reports locally on the Web server running IIS. This is the management site of reporting services. In Properties) add a browser only under the page)
Role ). Note that the user name of the new role is IUSR _ ** (anonymous user ). This step is the step in that article. ()

1. Click "create role assignment"
2. In the pop-up ie window, enter IUSR _ ** (anonymous user) in the "Group or user name" text box ).
3. Select the "Viewer" permission and click OK.
4. The added role (role) is displayed on the http: // localhost/Reports page ).

 

Step 2: In addition to setting up the IIS Site for reporting services to allow IUSR _ ** (anonymous users) access, first, you must set the database in SQL Server 2005 to allow IUSR _ ** (anonymous users) to have read-only access and stored procedure execution permissions. Because some reports may be generated by stored procedures.
 
On the database server running SQL Servier 2005, open Microsoft SQL Server Management studio.
In object explorer, right-click the logins (login name) directory under the security (Security) directory,
In logins (New login name...), set in the pop-up dialog box.
Or right-click "security" and choose "New"> "Log on. ()

1. Right-click the menu and select "New login name ...".

2. In the login name text box, enter IUSR _ ** (anonymous user) and select "Windows Authentication ".

3. In the "default database" drop-down list box, find the data source database of the Report Template created by reporting services.

4. Click "User ing" in the "Select page" list ".

5. On the "user ing" Page, select the data source database of the Report Template created by reporting services in "ing to this login name.

6. OK

 

Step 3: Find the data source database of Reporting Services in Microsoft SQL Server Management studio,
Under "security" --> "user", find the added IUSR _ ** (anonymous user ). Set his access permissions to the database. ()

1. Right-click IUSR _ ** (anonymous user) and choose "attribute" from the menu ".
2. Select "security object" in the pop-up dialog box ".
3. Click "add ...".
4. In the dialog box that appears again, select "all objects of a specific type (t )....".
5. Click "OK.
6. In the pop-up dialog box, select "Database" in the "select object type (s) to be searched" list box ".
7. Click "OK ".

 

Step 3: Select IUSR _ ** (anonymous user) to authorize the database.

1. In the "** display permission (p)" list, find select and execute (if you do not execute the stored procedure, you can leave it unselected), and select.
(Note: you will see the default check box after connect, because the default login to the database set above is the database)

2. Click "OK ".

Step 4: Set the IUSR _ ** (anonymous user) logon password.
1. control Panel --> management tools --> Computer Management --> local users and groups --> select "IUSR _ ** (anonymous user)" --> set the password. () --> click "continue" in the pop-up window --> change the password in the pop-up window.

Step 5: Open the IIS manager and set the reportserver virtual directory to anonymous access.
 

1. Open the IIS manager and click "properties" in the reportserver virtual directory ".

2. on the "Directory Security" Page, find "authentication and access control" and click "Edit ...".

4. In the displayed "authentication method" dialog box, select "enable Anonymous access ".
5. In the password input box, enter the password modified in step 4.
6. In the location where "user access requires authentication", "Integrated Windows Authentication" is selected by default ". You do not need to modify it here.
If the check box is removed before "Integrated Windows Authentication", access from the Local Machine (the machine on which the IIS server is located) to the Reporting Services web site becomes anonymous.

7. Click "OK ".

 

Step 6: Access the Reporting Services web site through other client machines. The Windows User Logon window is no longer displayed. Access to the Reporting Services web site has been changed to access by anonymous users.
 

However, note that a problem may occur at the same time. When we access http: // localhost/reports again, we find that you cannot assign permissions to reporting services.
When http: // localhost/reports is enabled, only the "content" option on the category page is displayed, and the "attribute" option is not displayed.
This is a deliberate design of the Reporting Services product, because all users can access the web site anonymously, and it is definitely not feasible if the permissions are changed.

If you need to modify the "attributes" of/reports, the only thing you can do is to re-open the IIS manager, remove the "Anonymous Access" option in/reportserver, and then modify it.
After modification, change/reportserver to "anonymous access ".