Folder security in SSRS

Similar Messages

• Report folder security issue

  Hi,
  We are struggling with this issue, I have various report folders in Explore within Workspace. I would like my users to view (and run) reports in the folders for which permissions have been granted. Even after granting permissions, my users are able to view all report folders and also able to run reports from them.
  How do we restrict users to view only relevant folders for which permissions have been granted for. My users are grouped in various groups and folder security is being given to these groups. All my reports are FR and some WA reports.
  Am I missing something silly completely? Any guidance will be of great help. Thanks in advance.

  Two things i have run into:
  1) the group WORLD has access to the folders. You need to remove this group from each folder.
  2) The users have admin rights for Reporting. This overrides folder security.

• Cannot view the folder security after removed the default "users" group from folder

  Hi guys
  Due to the domain change, I am doing a windows 2003 server migration to windows 2012 for a file server.
  Tones of data have been copied from the old 2003 server to the new setup 2012 server.
  We need remove the "builtin\users" group from the folder security to maintain correct rights access of user to network folder.
  Once the "builtin\users" group has been removed, the account in domain admin group can no longer read the folder security.
  Has anyone faced the similar situation? 
  Or, is there any change in folder security rights of Windows 2012?
  Thanks in advance
  KC@ITL

  Hi,
  Glad to hear that the issue has been resolved.
  If you need any assistance in the future, please do not hesitate to post in our forum.
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Details on Force Folder Security

  When I create a folder in UCM, there is a boolean field called "Force Folder Security". How does this folder metadata get used?

  Hi
  CollectionForceFolderSecurityEnabled is related affect Security Group and Account for contents that are in the folder . If it is set to true, then any any new, copied, or moved content placed into that folder will have the content’s security fields overridden to match the Security Group and Account of the folder. If it it set to false and you move content from one folder to another, the content keeps its original Security Group and Account, and does not change to match the Security Group and Account set on the new folder.
  Hope this helps .
  Thanks
  Srinath

• Upgrade of Business Objects v3.0 to v3.1 makes folder security disappear

  Hi All,
  re: Upgrade of Business Objects v3.0 to v3.1 makes folder security disappear
  We just upgraded to v3.1 and the security I put in place in v3.0 did not carry over for the folders. Our company wanted to secure the folders per SAP security role, so I did that by breaking the inheritence relationship from the Root Folder on child folders that they should not have access to (see SAP note#1281763 for explaination on this type of procedure). It worked fine in v3.0, but after the upgrade, all of those changes had disappeared and every SAP role was able to see every folder. This was a major effort to secure those folders and I do not want to do it again. Also, we did import the roles into the upgrade BO v3.1 before we imported the BO structure, which as told to us by SAP, would work and not cause this issue.
  Thanks for your help!

  Hello Gary,
  I recommend to post this query to the [BusinessObjects Enterprise Administration|BI Platform; forum.
  This forum is dedicated to topics related to administration and configuration of BusinessObjects Enterprise, BusinessObjects Edge, and Crystal Reports Server.
  It is monitored by qualified technicians and you will get a faster response there.
  Also, all BOE Administration queries remain in one place and thus can be easily searched in one place.
  Best regards,
  Falk

• SSRS security to view folder security rights

  What access is necessary for a user to view (not be able to change) folder level security for a particular SSRS folder.  Managers are consistently asking me to send them what security groups have access to a particular production SSRS folder. 
  Allowing them to be able to view the Properties-security of a folder with out the right to change would be helpful.

  MicMikey,
  The original response to your question was in regards to security.  If you are trying to determine the data source that a report is using, that is an entirely different question.  I would suggest that if your question has changed, you open a new
  question in the forum so people can answer it appropriately.
  Regardless, to see which data source a report is using, you can use Report Manager, and select "Manage" from the drop down on that particular report and view which data source its using from the "Data Sources" tab on the left.  Otherwise you can write
  a script using the SOAP APIs.  Either way, each time run a script or query to get this data, the query or output data should reflect the most up to date data.  Historical data of what folders were called is not kept in the DB.

• Built-In Users-group is suddenly gone on folder security tab.

  Dear forum-members,
  I have got a problem with folder-permissions (acl) on a Windows 2003 Server with Terminal Services (Citrix).
  The application "Sybase" is installed on the D-drive (disk). A thrid party application needs Sybase to communicate through the sql.ini with the database. All terminal server users needs read permissions on the Sybase install directory to
  use the sql.ini.
  Normally every new folder on a server has the Builtin Administrators-group and System account "Full-Control" permissions and the Builtin Users-group had "Read en List" permissions. Now on the Sybase folder only the Builtin Administrators-group
  en System account are at the security tab, but
  not the Builtin Users-group.
  When I manually set the Builtin Users-group with read permissions it okay, but after a while the Builtin Users-group is gone/deleted/removed. There is no signal that a person, proces or action removes the permissions for the Builtin Users-group. I set
  Auditing on the folder, but with no result. I know for sure there is no GPO (Group Policy) that removes this group.
  For now I have a dirty solution to run a scheduled task every 10 minutes that run xcalcs to set the permissions. A tried a GPO to set the permissions, after a reboot the group policy doesn't apply (only after a gpupdate /force).
  Does some one of you has another proper/nice solution to force the read permissions on the Sybase folder for the Builtin Users-group?
  Thanks in advance.
  Greetings, Sidney

  Hi Shaon,
  Thank you for your reply.
  The 'third party app' is APP-V sequenced and not in production yet, so only some test users are using the app.
  I did a test today to use Domain Users instead of Builtin Users, but the same problem. After a reboot only the Builtin Administrators and SYSTEM has permission on the Sybase installation folder and Domain Users (& Builtin Users) were automatically
  removed again.
  We have 6 terminal (citrix) servers and all of them has the same problem, so it's not server related.
  Could it be an issue with the way how Sybase is packaged (it's a silence install through our deployment application)?
  Before I do the next test: Will it help to force the rights (replace permissons) from the upper folder to the sub-folder(s)? (force the inheritance)
  Greetings, Sidney

• Folder security doesn't work

  at customer:
  created a content area (public) with two folders. one folders is public, one is NOT public.
  when i am not logged in I only get the public folder. when I am logged in with any new user (no memeber of any group) I get both folders.
  What's wrong? Any hint?
  Item level security works fine.
  Portal 3.0.8 (migrated from 3.0.6)

  You are (by definition) member of the group AUTHENTICATED_USERS. Is this group authorized to view items in the non-public folder?
  Ton

• Accessing Active Risk Manager (ARM) folder security markings through Risk Performance Manager

  Hello folks,
  I am building custom reports in RPM to display ARM data but am struggling to get a security label assigned to the reports.
  In the standard reports the security label changes according to the risks inputted but I can't see the wood for the trees in the expression used!
  Any hints or tips?
  Many thanks,
  Christian

  Hi sea_lene,
  In Reporting Services, each subreport instance is a separate query execution and a separate report processing task. So it the performance should be an issue. To improve the performance, we can consider changing the dataset query in the main report by using
  one of the following mitigation strategies:
  Collect data in a data warehouse and use the data warehouse as a data source for a single dataset.
  Use SQL Server linked servers and write a query that retrieves data from multiple databases.
  Use the OPEN ROWSET capability to specify different databases.
  References:
  Troubleshooting Reports: Report Performance
  More tips to improve performance of SSRS reports
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• Attachments folder security

  Hello Experts,
  I have a client that is using the Human Resources module in B1 and is storing confidential information, such as employee reviews in the B1 attachments folder.  A while ago they restricted access to this folder on the server for most of their employees so they wouldn't be able to view these reports.  Recently they have also expanded the use of Outlook Integration.  Outlook integration requires full access to the attachments folder in order to attach any files to the email. So now they are running into the issue of needing to restrict access to some things stored in the folder while still allowing Outlook Integration to function properly. 
  We've tried giving users write permission to the attachments folder, but Outlook Integration will still not function properly.  The client is also not interested in restricting access on a report by report basis. 
  Anyone else out there run into something similar and have a handy workaround available?

  Ryan,
  Did you manage to find a solution with your Attachments security issue?
  I found a solution buts it can be a bit expensive.
  regards, Sotos

• Folder Security Query

  BOE XI R2
  I need help extracting rights information on folders.  I have an Excel spreadsheet that I currently get a list of folders in the system.  I need to extend this to show which groups have access rights to each folder.  Can this be done using a Query that I can replicate in the Query Builder?  If not, how do I accomplish it?  I am not a full time programmer so more detailed explanations are better.  I do have extensive experience administering BOE, so I understand the how it all works.
  Thanks
  Brian

  Hi Brian,
  I suggest reading the BusinessObjects Enterprise SDK Documentation.
  The SDK documentation is found on the following site:
  https://www.sdn.sap.com/irj/boc/sdklibrary
  For XI R2, please scroll down to the bottom of this page.
  The "Developer Guide" contains several tutorials that may help you with understanding how to use the SDK.
  I do not have a COM based sample but below is a Java based sample.
  The workflow is basically the same.
  Hope this helps.
  Regards,
  Dan
  <%@ page import = "java.util.*"%>
  <%@ page import = "com.crystaldecisions.sdk.framework.*"%>
  <%@ page import = "com.crystaldecisions.sdk.occa.infostore.*"%>
  <%@ page import = "com.crystaldecisions.sdk.occa.security.*"%>
  <%@ page import = "com.crystaldecisions.sdk.exception.*"%>
  <%@ page import = "com.crystaldecisions.sdk.properties.*"%>
  <%@ page import = "com.crystaldecisions.sdk.plugin.*"%>
  <%@ page import = "com.crystaldecisions.sdk.plugin.desktop.user.*"%>
  <%
  IEnterpriseSession es = null;
  //Get html form values
  String user = request.getParameter("username");
  String password = request.getParameter("password");
  String apsName = request.getParameter("apsname");
  String apsAuthType = request.getParameter("authType");
  //Logon and get the iStore back
  es = CrystalEnterprise.getSessionMgr().logon( user, password, apsName, apsAuthType );
  IInfoStore boInfoStore = (IInfoStore) es.getService("", "InfoStore" );
  out.println("<TABLE BORDER='1'>");
  out.println("<TR WIDTH='300' ALIGN=CENTER BGCOLOR=KHAKI><TD COLSPAN=2>Folder</TD><TD COLSPAN=4>Rights</TD></TR>");
  out.println("<TR ALIGN=CENTER BGCOLOR=KHAKI><TD>ID</TD><TD>Folder Name</TD><TD>ID</TD><TD>Principal</TD><TD>Inherited</TD><TD>Role</TD></TR>");
  out.println(getFolders(boInfoStore, 0, 0));
  out.println("</TABLE>");
  %>
  <%!
  String getFolders(IInfoStore boInfoStore, int parentId, int level) throws SDKException {
       String output = "";
       String query_folder = "Select * From CI_INFOOBJECTS Where SI_KIND = '" + CeKind.FOLDER + "' AND SI_PARENTID=" + parentId + " ORDER BY SI_NAME";
       IInfoObjects boInfoObjects_folder = (IInfoObjects) boInfoStore.query( query_folder );
       IInfoObject boInfoObject_folder = null;
       IObjectPrincipals boObjectPrincipals = null;
       int iPrincipalCount = 0;
       String levelPad = "";
       for ( int i = 0; i < level; i++ ) {
            levelPad += "     ";
       for ( int i = 0; i < boInfoObjects_folder.size(); i++ ) {
            boInfoObject_folder = (IInfoObject) boInfoObjects_folder.get(i);
            boObjectPrincipals = boInfoObject_folder.getSecurityInfo().getObjectPrincipals();
            iPrincipalCount = boObjectPrincipals.size();
            output += "<TR><TD ROWSPAN=" + iPrincipalCount + ">" + boInfoObject_folder.getID() + "</td>";
            output += "<TD ROWSPAN=" + iPrincipalCount + ">" + levelPad + boInfoObject_folder.getTitle() + "</td>";
            if (iPrincipalCount > 0) {
                 output += getPrincipals(boObjectPrincipals);
            } else {
                 output += "<TD COLSPAN=2>No rights associated with this folder.</td></TR>";
            output += getFolders(boInfoStore, boInfoObject_folder.getID(), (level+1));
       return output;
  String getPrincipals(IObjectPrincipals boObjectPrincipals) throws SDKException {
       String output = "";
       IObjectPrincipal boObjectPrincipal = null;
       Iterator iterator_principals = null;
       boolean firstPrincipal = true;
       iterator_principals = boObjectPrincipals.iterator();
       firstPrincipal = true;
       while (iterator_principals.hasNext()) {
            boObjectPrincipal = (IObjectPrincipal) iterator_principals.next();
            if (firstPrincipal) {
                 firstPrincipal = false;
            } else {
                 output += "<TR>";
            output += "<TD>" + boObjectPrincipal.getID() + "</td>";
            output += "<TD>" + boObjectPrincipal.getName() + "</td>";
            output += "<TD>" + boObjectPrincipal.isInherited() + "</td>";
            output += "<TD>" + boObjectPrincipal.getRole().getDescription(Locale.ENGLISH) + "</td>";
            output += "</TR>";
       return output;
  %>

• How to fix folder security

  folder does not have proper security settings--how do you fix it?

  Parallels no longer users the Transporter application so its startup item should be removed. I don't know why you have the .DS_Store file in that folder nor why it is being detected as a startup item. It's an invisible file that you can easily remove by opening the Terminal application in your Utilities folder and doing the following:
  At the command prompt enter:
  sudo rm -rf /Library/StartupItems/.DS_Store
  Press RETURN. You will be asked to enter your admin password which will not be echoed.
  As an additional precaution you may do the following:
  Repairing the Hard Drive and Permissions
  Boot from your OS X Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Installer menu (Utilities menu for Tiger, Leopard or Snow Leopard.) After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list. In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive. If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer. Now restart normally.
  If DU reports errors it cannot fix, then you will need Disk Warrior and/or Tech Tool Pro to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.

• Report folder security

  Hi,
  I have setup a user A (it belong to Administrators group) and it can access the Reporting Server's report folders, however, another user B (it belong to USERS only) cannot access.
  I already tick all the 5 roles (Browser, Content Management, My Reports, Publisher, Report Builder) to be assigned to B (from the Folder Role Assignment)
  Please help ~~

  Hi ,for this you need to define security at two level .
  First at site settings
  second for folder.
  To create a system-level role assignment
  If necessary, log on as a local administrator.
  Open a browser window and type the Report Manager URL to start the application. For example http://<server name>/reportserver
  Click Site Settings at the top of the page.
  Click the Security tab at the side of the page. This page shows all system-level role assignments that are currently defined. On a new report server installation, only the two predefined roles, System Administrator and System User, are visible.
  There is one built-in role assignment that is created automatically; it maps the built-in local administrators group to the System Administrator role
  Click New Role Assignment.
  In Group or user name, specify a domain group account that includes all of the users who require permissions to view report server content and subscribe to reports. Specify the account in this format:
  domain\group. The account should be in the same domain or in a trusted domain. If you do not have a domain group that fits this description, you can specify individual domain user accounts instead.
  Select System User.
  Click OK.
  To create an Folder level security
  Click Home at the top of the page to open the Report Manager home page.
  Click the Folder Settings button.
  Click New Role Assignment.
  In Group or user name, specify the name of a domain group account that includes all of the users who require permissions to view reports. Specify the account
  in this format: domain\group. The account should be in the same domain or in a trusted domain. If you do not have a domain group that fits this description, you can specify individual domain user accounts instead.
  Select Browser.
  Click OK.
  Click New Role Assignment again.
  Type the name of a domain user account for a user who has administrative responsibilities for this report server. Specify the account in this format:
  domain\user. The account should be in the same domain or in a trusted domain.
  Select Content Manager.
  Click OK to save the role assignments.
  Thanks
  Please Mark This As Answer or vote for Helpful Post if this helps you to solve your question/problem. http://techequation.com

• Folder security seems that is not working,,,

  I have a folder with two subfolders. This folder has unchecked
  the 'Public' and
  checked 'enabled item security'.
  One subfolder gives view privileges for user A, and the other
  for user B.
  Both subfolders have been set to be published as portlets.
  Each of these portlets are published to different pages. Both
  users A and B have view privileges for both pages.
  What happens is that when ANY of these two users log in BOTH can
  view BOTH portlets regardless the security applied.
  Any suggestions please....

  Fernando,
  Check that the subfolders have inherited their privileges from
  the parent folder, and are not overriding the parent folder
  privileges.
  Note that item level security does not apply to subfolders. In
  general, only use item level security when you really need it,
  as it disables folder caching.
  This could also be a caching issue. Make sure that the page is
  caching the page definition only, and not caching content.
  Regards,
  Jerry

• File and Folder Security Issue

  Hi,
  I'm facing some problem in my windows server 2012 r2. Problem is, when i set a users permission to modify a folder and it's content then that user can delete this folder and it's content. But I want user can write, edit a file (like .doc or .xls) but he
  cannot delete this file. Is it possible?
  Regards,
  Mahfuz

  Hi,I have been facing the same problem.
  The security measures which were already mentioned here will not gonna work for MS office
  file extension because without providing modify permission,its not possible to edit them as this protection is working on this way "edit=delete+create".
  So without providing delete option,is there any other way out to manage the staffs?Please let me know.
  Thanks,
  Ashief Ahmed