September 8, 2006 at 12:19 pm
Hello,
I have a question about permissions because of a problem we are facing. We have a SRS 2000 Server that has a folder structure similar to the following.
Home->Development->HR
The permissions on each folder are as follows:
Home = BUILTIN\Administrators; Content Manager
SRSAdmins; Content Manager (note this is a AD user group)
Development = BUILTIN\Administrators; Content Manager
SRSAdmins; Content Manager (note this is a AD user group)
HR = BUILTIN\Administrators; Content Manager
SRSAdmins; Content Manager (note this is a AD user group)
HRDevelopers; Content Managers (note this is a AD user group)
Note: This folder has broken away from Parent Security
Here is the problem we are facing. I'm a member of the AD group SRSAdmins. I can get to any folder and add/edit/delete/view reports/view properties on any objects. People that are in the HRDevelopers AD group can create new objects and delete items and view reports. However, if they attempt to view the properties of an object (data source, report, etc) in Report Manager, they get a permission error. The error is
The permissions granted to user 'MyDomain\someuser' are insufficient for performing this operation. (rsAccessDenied)
I would think since the HR folder has broken away from Parent security and the AD group has Content Manager permissions, they should be able to do anything they want.
Does anyone have any ideas why this is? Thanks in advance for any help or guidance.
September 11, 2006 at 8:00 am
This was removed by the editor as SPAM
September 15, 2006 at 12:32 pm
I figured this problem out.
In order to fix the problem, I had to create a new SRS role (View Folders Only) that has the View Folders permission only. Then at the Home folder, I granted the HRDevelopers group to this role. What this means is people in this group can see every folder on this SRS server. If one of them drills into folders where their group does not have adequate rights, then they will see nothing. And if they drill into the HR folder, then they can continue doing what they were able to do before and they can view properties of an object.
I’m not sure why this type of configuration is needed, because the HRDevelopers group basically has God like permissions on the HR folder. But something about the way SRS security works causes us to configure the security in this manner. Although I have not found anything to confirm this, I think it is a bug with SRS 2000.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply