使用SQL Server Reporting Services Web Service,如何確定特定域用戶對特定報告的權限?有問題的用戶不是正在訪問Web服務的用戶。使用Reporting Services Web服務,您如何獲得特定用戶的權限?
我正在使用在SSRS中具有完全權限的域服務帳戶(允許說MYDOMAIN\SSRSAdmin)訪問Web服務。我想以編程方式查找特定報告的域用戶的權限(可以說MYDOMAIN\JimBob)。
的GetPermissions()方法上的Web服務將返回的權限列表,該當前用戶有(MYDOMAIN\SSRSAdmin),但是這不是我要找的。我如何獲得MYDOMAIN\JimBob的同一個權限列表?我將不會擁有用戶的域密碼,因此使用他們的憑據調用GetPermissions()方法不是一種選擇。然而,我是從擁有完全權限的帳戶訪問此信息的,因此我認爲理論上應該可以獲得信息。
SSRS從用戶的NT登錄令牌中獲取NT組。這就是爲什麼當你被添加到新組時,你需要註銷並重新登錄。這同樣適用於大多數Windows檢查(SQL Server,共享,NTFS等)。
如果你知道NT組(S)...
您可以直接查詢Report Server數據庫。我幾乎直接從我們用來檢查文件夾安全性的一個報告中解除了這個(C.Type = 1)。在U.UserName上過濾。
SELECT
R.RoleName,
U.UserName,
C.Path
FROM
ReportServer.dbo.Catalog C WITH (NOLOCK) --Parent
JOIN
ReportServer.dbo.Policies P WITH (NOLOCK) ON C.PolicyID = P.PolicyID
JOIN
ReportServer.dbo.PolicyUserRole PUR WITH (NOLOCK) ON P.PolicyID = PUR.PolicyID
JOIN
ReportServer.dbo.Users U WITH (NOLOCK) ON PUR.UserID = U.UserID
JOIN
ReportServer.dbo.Roles R WITH (NOLOCK) ON PUR.RoleID = R.RoleID
WHERE
C.Type = 1
感謝您的查詢。這看起來像給了我和GetPolicies()Web服務方法相同的結果。它會返回Active Directory組的名稱,這意味着我必須查詢Active Directory才能獲取用戶。我猜想我想要做的不可能是現成的,並且需要GetPolicies()和AD查詢的組合。 – 2009-06-03 15:20:36
查看「GetPolicies方法」,您可以在下面的鏈接中看到。
http://msdn.microsoft.com/en-us/library/reportservice2010.reportingservice2010.getpolicies.aspx
希望這會讓你開始。我在複製文件夾結構時使用它,當我想將我的SSRS項目從源遷移到目標服務器時,將其從舊服務器報告到新服務器。它是一種在一臺服務器上獲取項目的安全策略的方法,然後在將項目從源服務器複製到目標服務器後,爲另一臺服務器上的相同項目設置安全策略。您必須設置您自己的源和目標服務器名稱。
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Web.Services.Protocols; //<=== required for SoapException
namespace SSRS_WebServices_Utility
{
internal static class TEST
{
internal static void GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination(string itemPath)
{
string sSourceServer = "SOURCE-ServerName";
Source_ReportService2010.ReportingService2010 sourceRS = new Source_ReportService2010.ReportingService2010();
sourceRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
sourceRS.Url = @"http://" + sSourceServer + "/reportserver/reportservice2010.asmx";
string sDestinationServer = "DESTINATION-ServerName";
Destination_ReportService2010.ReportingService2010 DestinationRS = new Destination_ReportService2010.ReportingService2010();
DestinationRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
DestinationRS.Url = @"http://" + sDestinationServer + "/reportserver/reportservice2010.asmx";
Boolean val = true;
Source_ReportService2010.Policy[] curPolicy = null;
Destination_ReportService2010.Policy[] newPolicy = null;
try
{
curPolicy = new Source_ReportService2010.Policy[1];
curPolicy = sourceRS.GetPolicies(itemPath, out val); //e.g. of itemPath: "/B2W/001_OLD_PuertoRicoReport"
//DestinationRS.SetPolicies(itemPath, newPolicy);
int iCounter = 0;
//int iMax = curPolicy.Length;
newPolicy = new Destination_ReportService2010.Policy[curPolicy.Length];
foreach (Source_ReportService2010.Policy p in curPolicy)
{
//create the Policy
Destination_ReportService2010.Policy pNew = new Destination_ReportService2010.Policy();
pNew.GroupUserName = p.GroupUserName;
pNew.GroupUserName = p.GroupUserName;
Destination_ReportService2010.Role rNew = new Destination_ReportService2010.Role();
rNew.Description = p.Roles[0].Description;
rNew.Name = p.Roles[0].Name;
//create the Role, which is part of the Policy
pNew.Roles = new Destination_ReportService2010.Role[1];
pNew.Roles[0]=rNew;
newPolicy[iCounter] = pNew;
iCounter += 1;
}
DestinationRS.SetPolicies(itemPath, newPolicy);
Debug.Print("whatever");
}
catch (SoapException ex)
{
Debug.Print("SoapException: " + ex.Message);
}
catch (Exception Ex)
{
Debug.Print("NON-SoapException: " + Ex.Message);
}
finally
{
if (sourceRS != null)
sourceRS.Dispose();
if (DestinationRS != null)
DestinationRS.Dispose();
}
}
}
}
要調用它使用以下命令:
TEST.GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination("/FolderName/ReportName");
,你必須把自己的SSRS文件夾名稱和報表名稱,即路徑的項目。
其實我用的就是通過在目標文件夾中,然後調用該方法這樣所有的項目循環的方法:
internal static void CopyTheSecurityPolicyFromSourceToDestinationForAllItems_2010()
{
string sDestinationServer = "DESTINATION-ServerName";
Destination_ReportService2010.ReportingService2010 DestinationRS = new Destination_ReportService2010.ReportingService2010();
DestinationRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
DestinationRS.Url = @"http://" + sDestinationServer + "/reportserver/reportservice2010.asmx";
// Return a list of catalog items in the report server database
Destination_ReportService2010.CatalogItem[] items = DestinationRS.ListChildren("/", true);
// For each FOLDER, debug Print some properties
foreach (Destination_ReportService2010.CatalogItem ci in items)
{
{
Debug.Print("START----------------------------------------------------");
Debug.Print("Object Name: " + ci.Name);
Debug.Print("Object Type: " + ci.TypeName);
Debug.Print("Object Path: " + ci.Path);
Debug.Print("Object Description: " + ci.Description);
Debug.Print("Object ID: " + ci.ID);
Debug.Print("END----------------------------------------------------");
try
{
GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination(ci.Path);
}
catch (SoapException e)
{
Debug.Print("SoapException START----------------------------------------------------");
Debug.Print(e.Detail.InnerXml);
Debug.Print("SoapException END----------------------------------------------------");
}
catch (Exception ex)
{
Debug.Print("ERROR START----------------------------------------------------");
Debug.Print(ex.GetType().FullName);
Debug.Print(ex.Message);
Debug.Print("ERROR END----------------------------------------------------");
}
}
}
}
JimBob是否有對文件夾等明確的權利?或者通過組成員身份,例如MyDomain \ RSUsers – gbn 2009-06-02 17:57:52
我們幾乎對所有事情都使用活動目錄組。我通過使用GetPolicies()方法找到了這些組。我想我可以查詢AD的大部分這些羣體,看看他是否在他們身上。但是這並不包括BUILTIN \ Administrators之類的東西,而且我期望SSRS能夠完全做到這一點。 – 2009-06-02 18:41:44