You are not logged in.
Hello,
I am creating Groups via a groovy script and was wondering if it is possible to also grant permissions for the group in the same script? For example, at a minimum execute on "ReportServer Access" and read on "TeamSpace".
The Script Guide didn't seem to have anything along these lines. I also took a look at the Javadocs and wondered if the SecurityService interface might be the right area but I'm not too sure how to get started.
Does anyone have any suggestions or sample code showing how this could be accomplished?
Thanks!
Offline
Hi,
a good starting point if you want to learn more on the inner workings of ReportServer might be the demobuilder script we use to setup the demosystem. You'll find it (and its resource files) in a zip-file in the pkg subdirectory of your reportserver install.
Cheers,
Thorsten
Offline
That's exactly what I need, thank you so much!
Offline
The demobuilder script was incredibly helpful - thanks!
The last thing I am trying to do is grant privileges on reports to groups, via script. I can see how generic privileges are granted in demobuilder (to 'AccessRsSecurityTarget', for example). Do I need to somehow create a GenericSecurityTargetEntity that represents the report? When I do this task in the UI, I see there's a new entry in RS_ACL with the entity_id matching the acl_id field in the RS_REPORT_MGR_NODE for the record for my particular report. I'm just not sure how to use the API to do this.
I don't think I see this being done in the demo script - can you suggest how to go about doing it?
Offline
Hi,
Perhaps I should first explain, what we mean by "generic" when talking about generic permissions:
While all permissions in ReportServer are based on the concept of ACL/ACE we distinguish two different kinds of permissions:
The first are the object permissions, or as we sometimes call them tree-based-permissions as they apply to security targets that are stored in one of the tree structures (Reports, FileServer-Files, Datasources, Users, ...) These use Hierarchical ACLs where the target of the ACL is a node in one of the trees.
The other set of permissions are those that are not linked to some specific object but grant a more generic right. Like the general permission to use the application, or access the admin module. As these permissions can not use a treenode as their target, we have the GenericSecurityTargets.
The demobuilder script uses both kinds of permissions:
grantGenericPermission(Class target, AbstractUserManagerNode folk, Right... rights)
grants generic permissions. The target is identified by a GenericSecurityTarget class object
grantPermission(SecuredAbstractNode targetNode, AbstractUserManagerNode folk, AccessType accessType, Right... rights)
grants object/tree permissions. Instead of the GenericSecurityTarget it uses a tree node as the target
Does that help?
Cheers,
Thorsten
Offline
Thanks for the detailed explanation - that was a big help! Now the grantPermission() method in the demobuilder script makes more sense and I have this working in my own script.
Offline