Managing Reporting in Operations Manager 2007

  • Article

Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1

The Reporting feature of Microsoft System Center Operations Manager 2007 focuses on customer scenarios, performance, and usability. As an administrator, you will be involved in setting up access to reports and maintaining the SQL database. For information about how to create, customize, and use reports, see the Creating Reports topic in the Operations Manager 2007 R2 User’s Guide (https://go.microsoft.com/fwlink/?LinkId=150369).

Managing Access to Reports

Operations Manager 2007 uses role-based security. With regard to administering Operations Manager 2007, you will need to manage users as needed. The following roles are relevant to reporting:

  • Report Operator

    Includes a set of privileges designed for users who need access to reports. This role grants members the ability to view reports according to their configured scope.

    Warning

    Users assigned to this role have access to all report data in the Reporting data warehouse and are not limited by scope.

  • Report Security Administrator

    Enables the integration of SQL Server Reporting Services security with Operations Manager user roles. This gives Operations Manager Administrators the ability to control access to reports. This role can have only one member account and cannot be scoped.

Use the procedures in this topic to restrict access to Operations Manager 2007 reports containing sensitive information.

First, using a Command Shell script, you create a new user role. An example of a Command Shell script that is used to create a new user role is shown at the end of this topic.

Second, you use the Get-UserRole command to set permissions on the report.

Warning

After you edit the security properties for a report, folder inheritance for every report in the folder is disabled. When folder inheritance is lost, you are required to manually set permissions for every report in the folder by using the Get-UserRole command.

For more information about the Operations Manager Command Shell, see the Operations Manager 2007 SDK (https://go.microsoft.com/fwlink/?LinkId=65912).

To create a new user role

  1. Copy the sample Command Shell script to your local hard drive and save the file with a .ps1 extension (for example ReportOperator.ps1).

  2. Start the Operations Manager Command Shell.

  3. Run the script, for example type C:\ReportOperator.ps1, and then press ENTER.

  4. In the Operations console, click Administration.

  5. In the Administration pane, expand Administration, expand Security, and then click User Roles.

  6. In the User Roles pane, right-click the user role that was previously created from the Command Shell script, and then click Properties.

  7. In the User Role Properties dialog box, click the General page, and then click Add.

  8. On the Select User or Groups page, enter the users or groups that you want to assign to the user role, and then click OK.

    Important

    Adding a machine account to user role member would allow all services on that computer to have SDK access. It is recommended that you do not add a machine account to any user role.

  9. Click Apply, and then click OK.

  10. Now you need to add the GUID for the new user role to SQL Server Reporting Services. Use the following steps:

    1. In the User Roles view, double-click the new user role.

    2. Click the Identity tab.

    3. Click Copy to copy the GUID for the new user, and then click OK to close the Properties window.

    4. Start the SQL Server Reporting Services Report Manager by navigating to https://localhost/Reports in a Web browser.

    5. Click the Properties tab.

    6. Click New Role Assignment.

    7. Paste the GUID in the Group or user name field.

    8. Select the roles you want to assign to the new Report Operator user role and click OK.

To set permissions on a report using command shell

  1. Use the Get-UserRole command to find the particular user role that you want to use for the report.

    Note

    The command get-userrole | format-list Name,ID | ft displays an easy-to-read table that displays user role names and their associated GUID.

  2. Copy the GUID to the clipboard.

  3. Access the report by using your browser and connecting to the instance of SQL Server (http://<computername>/reports$instance1).

  4. On the SQL Server Reporting Services home page, click the folder containing your report (for example, click Reports, and then click Microsoft.SystemCenter.DataWarehouse.Report.Library).

  5. Click the Properties tab, and then in the navigation pane, click Security.

  6. Click Edit Item Security.

  7. Click the check box for the role Browser, My Reports, Report Builder, and replace the existing GUID with the GUID for the User Role you selected and copied onto the clipboard.

The following is an example of the code you can use to create a user role for the Report Operator profile. The new user role in this example is named "Test Report Operator Role" but can be changed before running the script.

$mg = (get-item .).ManagementGroup
$reportOperator = $mg.GetMonitoringProfiles() | where {$_.Name -eq "ReportOperator"}
$obj = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringUserRole

$obj.Name = "TestReportOperatorRole"
$obj.DisplayName = "Test Report Operator Role"
$obj.Description = "Test Report Operator Role"
$obj.MonitoringProfile = $reportOperator

$mg.InsertMonitoringUserRole($obj)

Grooming

The Reporting data warehouse stores data for a specified length of time, depending on the data (Alert, State, Event, Aem, or Performance) and the aggregation type (raw data, hourly aggregations, daily aggregations). The database is set up to delete older data. Deleting the older data is called grooming.

The following table shows the default retention settings for the different types of data.

Data Set Aggregation Type Days To Be Kept

Alert

Raw data

400

State

Raw data

180

State

Hourly aggregations

400

State

Daily aggregations

400

Event

Raw data

100

Aem

Raw data

30

Aem

Daily aggregations

400

Perf

Raw data

10

Perf

Hourly aggregations

400

Perf

Daily aggregations

400

Settings for grooming the data warehouse can be changed through Microsoft SQL Server Management Studio.

To change grooming settings in the Reporting data warehouse

  1. On the Windows desktop, click Start, point to Programs, point to Microsoft SQL Server 2005 or Microsoft SQL Server 2008, and then click SQL Server Management Studio.

  2. In the Connect to Server dialog box, in the Server Type list, select Database Engine; in the Server Name list, select the server and instance for your Reporting data warehouse (for example, computer\INSTANCE1); in Authentication list, select Windows Authentication; and then click Connect.

  3. In the Object Explorer pane, expand Databases, expand OperationsManagerDW, and then expand Tables.

  4. Right-click dbo.Dataset, and then click Open Table.

  5. Locate the dataset for which you want to change the grooming setting in the DatasetDefaultName column and make note of its GUID in the DatasetId column.

  6. In the Object Explorer pane, right-click dbo.StandardDatasetAggregation and then click Open Table.

  7. In the DatasetId column, locate the dataset GUID you noted in step 5. Multiple entries of the same GUID might display.

  8. Locate the aggregation type from the list in the AggregationTypeId column by using the following values:

    • 0 = raw, nonaggregated data

    • 10 = subhourly

    • 20 = hourly

    • 30 = daily

After you have located the dataset and its aggregation type, scroll to the MaxDataAgeDays column, and then edit the value there to set the grooming interval.