使用SQL Server Reporting Services Web Service,如何确定特定域用户对特定报告的权限?有问题的用户不是正在访问Web服务的用户。使用Reporting Services Web服务,您如何获得特定用户的权限?
我正在使用在SSRS中具有完全权限的域服务帐户(允许说MYDOMAIN\SSRSAdmin)访问Web服务。我想以编程方式查找特定报告的域用户的权限(可以说MYDOMAIN\JimBob)。
的GetPermissions()方法上的Web服务将返回的权限列表,该当前用户有(MYDOMAIN\SSRSAdmin),但是这不是我要找的。我如何获得MYDOMAIN\JimBob的同一个权限列表?我将不会拥有用户的域密码,因此使用他们的凭据调用GetPermissions()方法不是一种选择。然而,我是从拥有完全权限的帐户访问此信息的,因此我认为理论上应该可以获得信息。
SSRS从用户的NT登录令牌中获取NT组。这就是为什么当你被添加到新组时,你需要注销并重新登录。这同样适用于大多数Windows检查(SQL Server,共享,NTFS等)。
如果你知道NT组(S)...
您可以直接查询Report Server数据库。我几乎直接从我们用来检查文件夹安全性的一个报告中解除了这个(C.Type = 1)。在U.UserName上过滤。
SELECT
R.RoleName,
U.UserName,
C.Path
FROM
ReportServer.dbo.Catalog C WITH (NOLOCK) --Parent
JOIN
ReportServer.dbo.Policies P WITH (NOLOCK) ON C.PolicyID = P.PolicyID
JOIN
ReportServer.dbo.PolicyUserRole PUR WITH (NOLOCK) ON P.PolicyID = PUR.PolicyID
JOIN
ReportServer.dbo.Users U WITH (NOLOCK) ON PUR.UserID = U.UserID
JOIN
ReportServer.dbo.Roles R WITH (NOLOCK) ON PUR.RoleID = R.RoleID
WHERE
C.Type = 1
感谢您的查询。这看起来像给了我和GetPolicies()Web服务方法相同的结果。它会返回Active Directory组的名称,这意味着我必须查询Active Directory才能获取用户。我猜想我想要做的不可能是现成的,并且需要GetPolicies()和AD查询的组合。 – 2009-06-03 15:20:36
查看“GetPolicies方法”,您可以在下面的链接中看到。
http://msdn.microsoft.com/en-us/library/reportservice2010.reportingservice2010.getpolicies.aspx
希望这会让你开始。我在复制文件夹结构时使用它,当我想将我的SSRS项目从源迁移到目标服务器时,将其从旧服务器报告到新服务器。它是一种在一台服务器上获取项目的安全策略的方法,然后在将项目从源服务器复制到目标服务器后,为另一台服务器上的相同项目设置安全策略。您必须设置您自己的源和目标服务器名称。
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Web.Services.Protocols; //<=== required for SoapException
namespace SSRS_WebServices_Utility
{
internal static class TEST
{
internal static void GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination(string itemPath)
{
string sSourceServer = "SOURCE-ServerName";
Source_ReportService2010.ReportingService2010 sourceRS = new Source_ReportService2010.ReportingService2010();
sourceRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
sourceRS.Url = @"http://" + sSourceServer + "/reportserver/reportservice2010.asmx";
string sDestinationServer = "DESTINATION-ServerName";
Destination_ReportService2010.ReportingService2010 DestinationRS = new Destination_ReportService2010.ReportingService2010();
DestinationRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
DestinationRS.Url = @"http://" + sDestinationServer + "/reportserver/reportservice2010.asmx";
Boolean val = true;
Source_ReportService2010.Policy[] curPolicy = null;
Destination_ReportService2010.Policy[] newPolicy = null;
try
{
curPolicy = new Source_ReportService2010.Policy[1];
curPolicy = sourceRS.GetPolicies(itemPath, out val); //e.g. of itemPath: "/B2W/001_OLD_PuertoRicoReport"
//DestinationRS.SetPolicies(itemPath, newPolicy);
int iCounter = 0;
//int iMax = curPolicy.Length;
newPolicy = new Destination_ReportService2010.Policy[curPolicy.Length];
foreach (Source_ReportService2010.Policy p in curPolicy)
{
//create the Policy
Destination_ReportService2010.Policy pNew = new Destination_ReportService2010.Policy();
pNew.GroupUserName = p.GroupUserName;
pNew.GroupUserName = p.GroupUserName;
Destination_ReportService2010.Role rNew = new Destination_ReportService2010.Role();
rNew.Description = p.Roles[0].Description;
rNew.Name = p.Roles[0].Name;
//create the Role, which is part of the Policy
pNew.Roles = new Destination_ReportService2010.Role[1];
pNew.Roles[0]=rNew;
newPolicy[iCounter] = pNew;
iCounter += 1;
}
DestinationRS.SetPolicies(itemPath, newPolicy);
Debug.Print("whatever");
}
catch (SoapException ex)
{
Debug.Print("SoapException: " + ex.Message);
}
catch (Exception Ex)
{
Debug.Print("NON-SoapException: " + Ex.Message);
}
finally
{
if (sourceRS != null)
sourceRS.Dispose();
if (DestinationRS != null)
DestinationRS.Dispose();
}
}
}
}
要调用它使用以下命令:
TEST.GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination("/FolderName/ReportName");
,你必须把自己的SSRS文件夹名称和报表名称,即路径的项目。
其实我用的就是通过在目标文件夹中,然后调用该方法这样所有的项目循环的方法:
internal static void CopyTheSecurityPolicyFromSourceToDestinationForAllItems_2010()
{
string sDestinationServer = "DESTINATION-ServerName";
Destination_ReportService2010.ReportingService2010 DestinationRS = new Destination_ReportService2010.ReportingService2010();
DestinationRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
DestinationRS.Url = @"http://" + sDestinationServer + "/reportserver/reportservice2010.asmx";
// Return a list of catalog items in the report server database
Destination_ReportService2010.CatalogItem[] items = DestinationRS.ListChildren("/", true);
// For each FOLDER, debug Print some properties
foreach (Destination_ReportService2010.CatalogItem ci in items)
{
{
Debug.Print("START----------------------------------------------------");
Debug.Print("Object Name: " + ci.Name);
Debug.Print("Object Type: " + ci.TypeName);
Debug.Print("Object Path: " + ci.Path);
Debug.Print("Object Description: " + ci.Description);
Debug.Print("Object ID: " + ci.ID);
Debug.Print("END----------------------------------------------------");
try
{
GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination(ci.Path);
}
catch (SoapException e)
{
Debug.Print("SoapException START----------------------------------------------------");
Debug.Print(e.Detail.InnerXml);
Debug.Print("SoapException END----------------------------------------------------");
}
catch (Exception ex)
{
Debug.Print("ERROR START----------------------------------------------------");
Debug.Print(ex.GetType().FullName);
Debug.Print(ex.Message);
Debug.Print("ERROR END----------------------------------------------------");
}
}
}
}
JimBob是否有对文件夹等明确的权利?或者通过组成员身份,例如MyDomain \ RSUsers – gbn 2009-06-02 17:57:52
我们几乎对所有事情都使用活动目录组。我通过使用GetPolicies()方法找到了这些组。我想我可以查询AD的大部分这些群体,看看他是否在他们身上。但是这并不包括BUILTIN \ Administrators之类的东西,而且我期望SSRS能够完全做到这一点。 – 2009-06-02 18:41:44