x

Immediately propagate Windows permissions for SSRS

I manage my SSRS access through Windows Active Directory Groups, however when I add a new user to an existing group, the only way I have ever found of propagating this permission is to get the user to logoff and logon again.

Is there a way of 'forcing' Windows permissions to be refreshed?

more ▼

asked May 26, 2010 at 07:24 AM in Default

avatar image

Kev Riley ♦♦
63.8k 48 61 81

(comments are locked)
10|1200 characters needed characters left

3 answers: sort voted first

I do security the same way and I used to have that problem but I've got this working now. I can't remember where I found this but if you let all users view all folders (with the View Folder role, not the Browser role so they can see the folder but only reports they have access to) then they can see a report as soon as you give them access.

Here's what you do:

Go into Site Settings | Configure item-level role definitions and create a new role (eg. View Folders Role). Tick the View Folders task.

Add the domain group(s) to the security of every folder in your new View Folders Role role.

more ▼

answered May 26, 2010 at 01:10 PM

avatar image

David Wimbush
10.2k 30 34 43

(comments are locked)
10|1200 characters needed characters left

Ahh think I might have found the answer. It appears not, according to an answer found here

The user receives his/her security token at logon. The security token contains information regarding the user's group membership and other rights.

If you add or remove a user to/from a particular group, then that user needs to receive a new token in order take advantage of the group membership. This process only occurs at logon. It cannot happen "on the fly."

more ▼

answered May 26, 2010 at 12:01 PM

avatar image

Kev Riley ♦♦
63.8k 48 61 81

(comments are locked)
10|1200 characters needed characters left

Do you have more than one domain controller? It may be a requirement for replication to take place between the AD servers so that they are all up-to-date. Sometimes here we have to force replication manually to get user accounts to pick up new permissions. This isnt much better than the user logoff/logon though, its just a different person doing the work.

more ▼

answered May 26, 2010 at 07:41 AM

avatar image

Fatherjack ♦♦
43.7k 79 97 117

Nope, just the one DC

May 26, 2010 at 08:03 AM Kev Riley ♦♦
(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x648
x108
x12

asked: May 26, 2010 at 07:24 AM

Seen: 3402 times

Last Updated: May 26, 2010 at 07:24 AM

Copyright 2016 Redgate Software. Privacy Policy