Securing Reports
It is recommended that you and your system administrator secure the Business Desk Analysis modules used to create reports, and the Data Warehouse databases that contain the report data. In both cases, your system administrator creates Windows groups for Business Desk users who are going to access Analysis functionality, and then assigns these groups the appropriate permissions.
Securing Analysis Modules
Securing the Data Warehouse Databases
Securing Analysis Modules
Use the Business Desk Permissions module to grant and deny Business Desk users permission to run Analysis reports. You can secure areas of Business Desk Analysis so that specific reporting functions are available only to selected users or user groups.
For example, you can disable the .gif "Run")
button in the Reports module so that a group of users cannot run dynamic reports in Business Desk.
The only default Business Desk user account is the BizDesk administrators group. Upon installation of a Business Desk application, this group account initially consists of the users in the Windows Administrators group for the Web server on which the Business Desk application is installed.
A member of the BizDesk administrators group has all permissions, and can add other users and give them new report permissions. New report permissions enable users to create new reports and save reports.
.gif "Ee784516.important(en-US,CS.20).gif")
Important
- New report permissions permit a Business Desk user to create new SQL queries for reports and save them in the Data Warehouse. Users who run reports might not realize that they are running a new and potentially damaging query. This potential risk must be considered when determining to whom to grant New report privileges.
For instructions about applying Business Desk permissions, see Setting Business Desk Permissions for Windows Accounts.
.gif "Ee784516.note(en-US,CS.20).gif")
Notes
If users have permission to use the Campaign Manager module, they can use Campaign Manager to export a report to List Manager, and then access user data in the list.
To secure user data in this scenario, explicitly deny users the ability to export reports to List Manager.
After a user runs a dynamic report, the
.gif "New")
(New Report) and .gif "Save")
(Save Report) buttons are enabled, regardless of the permissions you assigned these users in Business Desk. These buttons are not directly controlled through Business Desk Security.The user might be able to run a dynamic report outside Business Desk by using the URL that Business Desk uses to run reports.
Securing the Data Warehouse Databases
Your system administrator secures the Data Warehouse databases that contain the data used in reports. If users cannot access the Data Warehouse databases, they cannot run reports.
Your system administrator can create a ''reporting'' role in SQL Server, and then assign groups of Windows accounts to that role. For more information, see Scripts for Securing Databases Accessed by Reports.
For a list of which reports access each of the Data Warehouse databases, see Reports Accessing OLAP Cubes and SQL Server.
Commerce Server 2002 enables a Business Desk user to run dynamic reports by connecting to the OLAP database through Internet Information Services. When this connection method is configured, the PivotTable service can tunnel through firewalls or proxy servers to the Analysis Services server. For more information, see Accessing the Analysis Server Over HTTPS.
See Also
Scripts for Securing Databases Accessed by Reports
Reports Accessing OLAP Cubes and SQL Server
Accessing the Analysis Server Over HTTPS
Setting Business Desk Permissions for Windows Accounts
Copyright © 2005 Microsoft Corporation.
All rights reserved.