SSRS 2005 questions
in [Reports]
|
From: Mecn on 18 Dec 2009 09:21 Hi, We are trying to have SSRS2005 ready for production and I heard that SSRS2005 upgrade to SSRS2005 is very difficult and SSRS2005 securty is very poor. IS that True? Thanks,
From: Bruce L-C [MVP] on 18 Dec 2009 09:32 Do you mean upgrade from RS 2000 to RS 2005. That upgrade was quite easy. The upgrade to RS 2008 is more difficult because they made major architectural changes that cause the upgrade to be more of an install and migration rather than an upgrade. As far as security you need to be more specific. I am not aware of security issues. BUT, it depends on what you mean by it. The way I look at security for my site, if you have rights to a report you have rights to the data in the report. But, in a few cases where that isn't true then I use the User!UserID global variable to restrict the access to a report. Now, if you have data that you need to restrict and you are doing it by the parameter being passed into the report, then that can be modified. The way to look at it is that RS uses role based security and is giving rights to run a report. The data behind the report it is up to you on how restrictive to make it. You can use User!UserID, you can use the login user in the data source. By that I mean you add the user as a login to SQL Server and then the credentials used for the data source is the user viewing the report. I don't do that. I have SQL Server in mixed mode and have a login that has read only rights and give that use execute rights on appropriate stored procedures. Then all reports use this special user for the credentials. The person running the report is only used by RS to determine if they have the right to run the report. -- Bruce Loehle-Conger MVP SQL Server Reporting Services "Mecn" <mecn(a)yahoo.com> wrote in message news:eu63k1#fKHA.5792(a)TK2MSFTNGP05.phx.gbl... > Hi, > > We are trying to have SSRS2005 ready for production and I heard that > SSRS2005 upgrade to SSRS2005 is very difficult and SSRS2005 securty is > very > poor. > IS that True? > > Thanks, >
From: Mecn on 18 Dec 2009 09:41 I mean SSRS 2005 upgrade to RRSR2008 "Bruce L-C [MVP]" <bruce_lcNOSPAM(a)hotmail.com> wrote in message news:ebRM97%23fKHA.5564(a)TK2MSFTNGP06.phx.gbl... > Do you mean upgrade from RS 2000 to RS 2005. That upgrade was quite easy. > The upgrade to RS 2008 is more difficult because they made major > architectural changes that cause the upgrade to be more of an install and > migration rather than an upgrade. > > As far as security you need to be more specific. I am not aware of > security issues. BUT, it depends on what you mean by it. > > The way I look at security for my site, if you have rights to a report you > have rights to the data in the report. But, in a few cases where that > isn't true then I use the User!UserID global variable to restrict the > access to a report. > > Now, if you have data that you need to restrict and you are doing it by > the parameter being passed into the report, then that can be modified. > > The way to look at it is that RS uses role based security and is giving > rights to run a report. The data behind the report it is up to you on how > restrictive to make it. You can use User!UserID, you can use the login > user in the data source. By that I mean you add the user as a login to SQL > Server and then the credentials used for the data source is the user > viewing the report. > > I don't do that. I have SQL Server in mixed mode and have a login that has > read only rights and give that use execute rights on appropriate stored > procedures. Then all reports use this special user for the credentials. > The person running the report is only used by RS to determine if they have > the right to run the report. > > > -- > Bruce Loehle-Conger > MVP SQL Server Reporting Services > > "Mecn" <mecn(a)yahoo.com> wrote in message > news:eu63k1#fKHA.5792(a)TK2MSFTNGP05.phx.gbl... >> Hi, >> >> We are trying to have SSRS2005 ready for production and I heard that >> SSRS2005 upgrade to SSRS2005 is very difficult and SSRS2005 securty is >> very >> poor. >> IS that True? >> >> Thanks, >>
From: Mecn on 18 Dec 2009 09:48 Thanks a lot Bruce. Is it still OK to upgrade from SSRS2005 to SSRS2008 instead of Migrate/ install "Bruce L-C [MVP]" <bruce_lcNOSPAM(a)hotmail.com> wrote in message news:ebRM97%23fKHA.5564(a)TK2MSFTNGP06.phx.gbl... > Do you mean upgrade from RS 2000 to RS 2005. That upgrade was quite easy. > The upgrade to RS 2008 is more difficult because they made major > architectural changes that cause the upgrade to be more of an install and > migration rather than an upgrade. > > As far as security you need to be more specific. I am not aware of > security issues. BUT, it depends on what you mean by it. > > The way I look at security for my site, if you have rights to a report you > have rights to the data in the report. But, in a few cases where that > isn't true then I use the User!UserID global variable to restrict the > access to a report. > > Now, if you have data that you need to restrict and you are doing it by > the parameter being passed into the report, then that can be modified. > > The way to look at it is that RS uses role based security and is giving > rights to run a report. The data behind the report it is up to you on how > restrictive to make it. You can use User!UserID, you can use the login > user in the data source. By that I mean you add the user as a login to SQL > Server and then the credentials used for the data source is the user > viewing the report. > > I don't do that. I have SQL Server in mixed mode and have a login that has > read only rights and give that use execute rights on appropriate stored > procedures. Then all reports use this special user for the credentials. > The person running the report is only used by RS to determine if they have > the right to run the report. > > > -- > Bruce Loehle-Conger > MVP SQL Server Reporting Services > > "Mecn" <mecn(a)yahoo.com> wrote in message > news:eu63k1#fKHA.5792(a)TK2MSFTNGP05.phx.gbl... >> Hi, >> >> We are trying to have SSRS2005 ready for production and I heard that >> SSRS2005 upgrade to SSRS2005 is very difficult and SSRS2005 securty is >> very >> poor. >> IS that True? >> >> Thanks, >>
From: Bruce L-C [MVP] on 18 Dec 2009 10:47
If you have done an install from 2000 to 2005 keep in mind this is totally different. 2000 to 2005 allowed an in place upgrade. 2005 to 2008 does not. Part of the reason for this is that RS 2008 no long uses IIS. It can coexist with IIS being installed but it does not use it. Read up carefully on this. I found it to be a bit convoluted. That being said, RS 2008 is a great product and well worth the hassle of upgrading. -- Bruce Loehle-Conger MVP SQL Server Reporting Services "Mecn" <mecn(a)yahoo.com> wrote in message news:eOD93E$fKHA.2184(a)TK2MSFTNGP04.phx.gbl... > Thanks a lot Bruce. > Is it still OK to upgrade from SSRS2005 to SSRS2008 instead of Migrate/ > install > > > "Bruce L-C [MVP]" <bruce_lcNOSPAM(a)hotmail.com> wrote in message > news:ebRM97%23fKHA.5564(a)TK2MSFTNGP06.phx.gbl... >> Do you mean upgrade from RS 2000 to RS 2005. That upgrade was quite easy. >> The upgrade to RS 2008 is more difficult because they made major >> architectural changes that cause the upgrade to be more of an install and >> migration rather than an upgrade. >> >> As far as security you need to be more specific. I am not aware of >> security issues. BUT, it depends on what you mean by it. >> >> The way I look at security for my site, if you have rights to a report >> you have rights to the data in the report. But, in a few cases where that >> isn't true then I use the User!UserID global variable to restrict the >> access to a report. >> >> Now, if you have data that you need to restrict and you are doing it by >> the parameter being passed into the report, then that can be modified. >> >> The way to look at it is that RS uses role based security and is giving >> rights to run a report. The data behind the report it is up to you on how >> restrictive to make it. You can use User!UserID, you can use the login >> user in the data source. By that I mean you add the user as a login to >> SQL Server and then the credentials used for the data source is the user >> viewing the report. >> >> I don't do that. I have SQL Server in mixed mode and have a login that >> has read only rights and give that use execute rights on appropriate >> stored procedures. Then all reports use this special user for the >> credentials. The person running the report is only used by RS to >> determine if they have the right to run the report. >> >> >> -- >> Bruce Loehle-Conger >> MVP SQL Server Reporting Services >> >> "Mecn" <mecn(a)yahoo.com> wrote in message >> news:eu63k1#fKHA.5792(a)TK2MSFTNGP05.phx.gbl... >>> Hi, >>> >>> We are trying to have SSRS2005 ready for production and I heard that >>> SSRS2005 upgrade to SSRS2005 is very difficult and SSRS2005 securty is >>> very >>> poor. >>> IS that True? >>> >>> Thanks, >>> > > |