Export (0) Print
Expand All
2 out of 11 rated this helpful - Rate this topic

Securing Reporting Services

SQL Server 2005

Security in Reporting Services is provided by ASP.NET security, Microsoft Internet Information Services (IIS) security, Microsoft Windows security, and a built-in role-based authorization model. The following security systems help to ensure that only authorized users have access to a Reporting Services deployment:

  • ASP.NET security provides application-level security for the report server and Report Manager. You can lock down both the server and Report Manager using best practices for ASP.NET security.
  • IIS security controls access to the report server virtual directory (the SOAP endpoints of the report server) and Report Manager. IIS also authenticates user connections to a report server instance. Reporting Services configures the report server virtual directories to use Windows security by default. For more information, see Configuring Authentication for Reporting Services.
  • Authorization is provided through a role-based security model that is specific to Reporting Services. All user connections to a report server must be made within the context of a role assignment that maps a user account to a role that describes the operations that a user can perform. For more information about role-based access, see Managing Permissions and Security for Reporting Services and Creating, Modifying, and Deleting Role Assignments.
  • Secure Sockets Layer (SSL) is strongly recommended for production servers and Internet-facing report servers. You can specify SSL connection levels for report server virtual directories through the Reporting Services Configuration tool or by modifying the configuration settings. For more information about the connection levels, see Using Secure Web Service Methods and Configuring a Report Server for Secure Sockets Layer (SSL) Connections.

Under certain circumstances, using integrated security introduces an elevation-of-privileges security threat. For more information about the threat and mitigation strategies, see Integrated Security and Elevated Permissions.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.