SSRS 2005 questions
Mecn
We are trying to have SSRS2005 ready for production and I heard that
SSRS2005 upgrade to SSRS2005 is very difficult and SSRS2005 securty is very
poor.
IS that True?
Thanks,
Bruce L-C [MVP]
The upgrade to RS 2008 is more difficult because they made major
architectural changes that cause the upgrade to be more of an install and
migration rather than an upgrade.
As far as security you need to be more specific. I am not aware of security
issues. BUT, it depends on what you mean by it.
The way I look at security for my site, if you have rights to a report you
have rights to the data in the report. But, in a few cases where that isn't
true then I use the User!UserID global variable to restrict the access to a
report.
Now, if you have data that you need to restrict and you are doing it by the
parameter being passed into the report, then that can be modified.
The way to look at it is that RS uses role based security and is giving
rights to run a report. The data behind the report it is up to you on how
restrictive to make it. You can use User!UserID, you can use the login user
in the data source. By that I mean you add the user as a login to SQL Server
and then the credentials used for the data source is the user viewing the
report.
I don't do that. I have SQL Server in mixed mode and have a login that has
read only rights and give that use execute rights on appropriate stored
procedures. Then all reports use this special user for the credentials. The
person running the report is only used by RS to determine if they have the
right to run the report.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Mecn" <me...@yahoo.com> wrote in message
news:eu63k1#fKHA...@TK2MSFTNGP05.phx.gbl...
Mecn
"Bruce L-C [MVP]" <bruce_l...@hotmail.com> wrote in message
news:ebRM97%23fKH...@TK2MSFTNGP06.phx.gbl...
Mecn
Is it still OK to upgrade from SSRS2005 to SSRS2008 instead of Migrate/
install
"Bruce L-C [MVP]" <bruce_l...@hotmail.com> wrote in message
news:ebRM97%23fKH...@TK2MSFTNGP06.phx.gbl...
Bruce L-C [MVP]
different. 2000 to 2005 allowed an in place upgrade. 2005 to 2008 does not.
Part of the reason for this is that RS 2008 no long uses IIS. It can coexist
with IIS being installed but it does not use it. Read up carefully on this.
I found it to be a bit convoluted.
That being said, RS 2008 is a great product and well worth the hassle of
upgrading.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Mecn" <me...@yahoo.com> wrote in message
news:eOD93E$fKHA...@TK2MSFTNGP04.phx.gbl...
Bruce L-C [MVP]
2000 to 2005 experience I went through and converted my reports to 2008. By
that I mean I opened up each report in RS 2008 report designer which
converts the reports and then I redeploy. Might be overkill but I prefer to
limit any potential issues.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Mecn" <me...@yahoo.com> wrote in message
news:eOD93E$fKHA...@TK2MSFTNGP04.phx.gbl...
Mecn
"Bruce L-C [MVP]" <bruce_l...@hotmail.com> wrote in message
news:eC%23Ufl$fKHA...@TK2MSFTNGP05.phx.gbl...
Scho
here where I work (entire environment incl. SSIS and SSRS) and had no
major issues. Reporting was fairly easy to configure and all the
reports worked, although like Bruce, we opened them all in Visual
Studio 2008 and let it convert them and then checked they still worked
and looked okay before deploying them.
If in doubt, put them in VS08 and see what happens! :o)
HTH,
Scho
Mecn
use of IIS?
IS there a an issue of security without IIS?
Thanks again
"Scho" <Schod...@hotmail.com> wrote in message
news:ed44af7f-5ad2-45bb...@n35g2000yqm.googlegroups.com...
Scho
people were having issues installing RS on servers without IIS
installed/enabled on and as such took a lot more effort than normal to
get things working.
I believe the security is fairly good although it's all co-dependent
on various issues; I'd check the BOL as I'm sure it will be outlined
there.
Scho
Bruce L-C [MVP]
Microsoft. Another benefit is without IIS installed you have a lot less
security issues in the first place. Also, lots of DBAs just did not want IIS
installed on their server.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Scho" <Schod...@hotmail.com> wrote in message
news:ccc23c8a-0328-49e9...@m16g2000yqc.googlegroups.com...
Mecn
The security issues for us is the PCI standard.
SSRS 2005 and 2008 are meet PCI compliance standard?
Thanks
"Bruce L-C [MVP]" <bruce_l...@hotmail.com> wrote in message
news:erOZNuAg...@TK2MSFTNGP06.phx.gbl...
Bruce L-C [MVP]
itself:
http://www.parentebeard.com/lib/pdf/Deploying_SQL_Server_2008_Based_on_PCI_DSS.pdf
http://www.microsoft.com/sqlserver/2008/en/us/compliance.aspx
http://www.microsoft.com/sqlserver/2008/en/us/Security.aspx
OK, so that gets the database secure. Now, RS support ssl so you would need
to configure it to use it:
http://msdn.microsoft.com/en-us/library/ms345223.aspx
Now remember, RS is a reporting solution. The key to PCI standard seems to
be a need to know. The reports would need to be designed that way. Using the
User!UserID to pass the user to your stored procedure that retrieves data.
This is not a parameter and cannot be spoofed.
It seems to me that RS can be used in compliance with the DCI standards IF
your organization does everything else it requires.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Mecn" <me...@yahoo.com> wrote in message
news:#jT7CCBg...@TK2MSFTNGP06.phx.gbl...
Mecn
"Bruce L-C [MVP]" <bruce_l...@hotmail.com> wrote in message
news:%23qrQ4aB...@TK2MSFTNGP05.phx.gbl...
Mecn
"Bruce L-C [MVP]" <bruce_l...@hotmail.com> wrote in message
news:%23qrQ4aB...@TK2MSFTNGP05.phx.gbl...