#1 2019-05-09 09:49:33

Patryx
Member
Registered: 2019-03-25

Create User in Administration without inherited Groups

Hi,
I want to create my exportuser with apikey and I want to just allow him to export report XX.
I can just create a user under the User Root folder, which automatically causes the user to have Administrators and User in "Inherited Access Control Entries"...
How can I create a user which does not inherit from such groups automatically...?

Offline

#2 2019-05-13 07:24:13

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Create User in Administration without inherited Groups

Hi Patryx,

if you create the user under the User Root folder (organisational unit), all users/groups that have rights on this folder will also have the same rights on children of this folder.
If you click on the parent folder (in this case User Root), you will see that the groups are defined here and which rights/permissions they have *on the given object*. In this case, all members of the Administrators and Users groups will have the rights defined *on the User Root*. So if both these groups have read permissions on the User Root folder, they will also have these permissions on children of User Root.

"what automatically causes that the user has Administrators and User in "Inherited Access Control Entries""
Let's say the group "Users" has read permission on the "User Root" OU. If you create a new user under "User Root", this will mean that the group "Users" will also have read permission on this new user.

If you want to remove the right of Users to read the new user, you may add a new Access Control Entry on the new user and prohibit the read right. So it will override the parent's settings.

More information on permissions here: https://reportserver.net/en/tutorials/t … rmissions/ and https://reportserver.net/en/guides/admi … anagement/

Regards,
Eduardo

Offline

#3 2019-05-13 12:39:48

Patryx
Member
Registered: 2019-03-25

Re: Create User in Administration without inherited Groups

Thanks, I noticed that I can inherit permissions to disallow the Administrator or Users group, but I thought that there should be an easier way.
I understand that I am forced to create a user only under User Root? I cannot create a user under a different (new) folder using the Administrator page of Report Server.

Offline

#4 2019-05-14 12:00:01

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Create User in Administration without inherited Groups

Hi Patryx,

you can always change the permissions as you need. Please note that the permissions you see here are *on the respective object*. So if you click on user A and you see: group B with reading permission, this means that group B can read user A.

Regards,
Eduardo

Offline
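
The inheritance behaviour described in this thread, as an added example that is not part of the original posts and not ReportServer code. It is a simplified model: the object names other than "User Root", "Administrators" and "Users", the right names, and the rule that the entry closest to the object decides are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class ACE:
    principal: str  # user or group the entry is granted to
    right: str      # illustrative right name, e.g. "read"
    allow: bool     # False models a prohibiting entry

@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    aces: list = field(default_factory=list)

def entries(node):
    """Yield (ace, defined_on, inherited) for a node, nearest object first."""
    cur = node
    while cur is not None:
        for ace in cur.aces:
            yield ace, cur.name, cur is not node
        cur = cur.parent

def can(principals, right, target):
    """Assumed rule: the entry closest to the target decides; no entry, no access."""
    for ace, _, _ in entries(target):
        if ace.principal in principals and ace.right == right:
            return ace.allow
    return False

def build_demo():
    # Constructed sample tree; "exportuser", "alice" and "Report Root" are made up.
    user_root = Node("User Root", aces=[ACE("Administrators", "read", True),
                                        ACE("Users", "read", True)])
    export_user = Node("exportuser", parent=user_root)
    other_user = Node("alice", parent=user_root)
    report_root = Node("Report Root", aces=[ACE("Administrators", "read", True)])
    report_xx = Node("report XX", parent=report_root,
                     aces=[ACE("exportuser", "execute", True)])
    return user_root, export_user, other_user, report_root, report_xx

if __name__ == "__main__":
    _, export_user, other_user, report_root, report_xx = build_demo()
    # Inherited entries say who may act ON exportuser, not what exportuser may do.
    print([(a.principal, src) for a, src, inh in entries(export_user) if inh])
    print(can({"exportuser"}, "read", report_root))
    print(can({"exportuser"}, "execute", report_xx))
    export_user.aces.append(ACE("Users", "read", False))  # prohibit on the object itself
    print(can({"Users"}, "read", export_user), can({"Users"}, "read", other_user))
```

In this model the inherited Administrators and Users entries on the export user never give that user any right on a report; only the entry defined on the report itself does.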
