#1 2019-03-18 00:04:57

aditi.raiter
Member
Registered: 2018-05-01

Recommended way for a url user to execute just 1 report

Is there a recommended way for an url user so that the user can run just 1 report.

Reference : https://reportserver.net/en/guides/admi … a-the-URL/

Example : http://SERVER:PORT/reportserverbasedir/reportserver/httpauthexport?id=5000&user=exportuser&apikey=79PKXGScP8r8&format=HTML&download=false

Here can I restrict exportuser to run just 1 report using url? There is a security concern if any creative person changes the report id in the url to run any report in the system with that exportuser

One thought process is to restrict the user with execute rights on just 1 report say id 5000 and pull out execute rights on all other reports. This seems  to be a time consuming way - pull out execute rights on all other reports.

Offline

#2 2019-03-18 15:32:18

aditi.raiter
Member
Registered: 2018-05-01

Re: Recommended way for a url user to execute just 1 report

Got it!  Created a new url user and a new report group with just 1 report access in that  user group.

Offline

#3 2019-03-22 08:48:24

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Recommended way for a url user to execute just 1 report

Hi Aditi,

this is correct. Users have only access to reports they have explicit (or inherited) access to. Per default, they don't have permissions, so this is the correct way to achieve this.
You can also give the user explicit permissions on the report you need. You don't need a user group for this. But both approaches should work.

Regards,
Eduardo

Offline

#4 2019-04-19 11:48:00

Patryx
Member
Registered: 2019-03-25

Re: Recommended way for a url user to execute just 1 report

How should I embed Report Execution View without loging?
There is only shown url for exporting.

Offline

#5 2019-04-23 08:26:20

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Recommended way for a url user to execute just 1 report

Hi Patryx,

using apikeys for logging in is currently only possible for httpauthexport. We are working on allowing this for inlinereport too, we have RS-2286 for this. In the meanwhile, you could however implement this via a little script that parses the URL, logs in the user identified by the apikey and then forwards the user to the #inlinereport url.

Regards,
Eduardo

Offline

#6 2019-04-23 08:30:47

Patryx
Member
Registered: 2019-03-25

Re: Recommended way for a url user to execute just 1 report

Hi Eduardo,
Thanks. Do you have such a script as workaround to use before issuing inline mechanism in one of next Report Server version?

Offline

#7 2019-04-23 08:44:06

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Recommended way for a url user to execute just 1 report

Hi Patryx,

we currently don't, but the script should not be difficult to implement.

Regards,
Eduardo

Offline

#8 2019-05-09 08:05:58

Patryx
Member
Registered: 2019-03-25

Re: Recommended way for a url user to execute just 1 report

Hi Eduardo,
What about ticket RS-2286?
Do you know when you release version with possibility to run Report Execution View via url without login?
Meanwhile, could you give me some clues for workaround? Should I use a specially hook to recognise user by apikey, check if he has permission to given report and then login in my script?

Last edited by Patryx (2019-05-09 08:11:28)

Offline

Board footer

Powered by FluxBB