After upgrading to SP1, we ran into the problem when using datasources without credentials. We know that we need to use rsconfig to set the user account for unattended operations. So far so good. But looking at the documentation and reading some of the threads here, I'm not clear on the specific values, and more importantly, *purposes* of the parameters.
For example Tudor Trufinescu of Microsoft wrote that we should specify a'low-privelege' account. Why? What does RS need to access with this account?
And this leads to some more specific questions that are not addressed in the documentation. In our case, we have a custom datasource consisting of an XML dataset which we create using a stored procedure before we even call RS to run the report.
And then there's the question of the database parameter. Which database are we talking about? The ReportService database? If not, this seems to make no sense in our application, because we fill our XML file using a stored procedure run against an Oracle database through the Oracle .Net Managed Provider.
Thanks.Rsconfig is used for two different purposes. If you are using it to set the
unattended execution account, you can ignore the database parameters - they
are not required.
RS uses the unattended account for performing external operations, currently
remote images and non-credentialed data access. Since you may have set up
the ReportServer to run as a specific user account, you might not want this
account to access remote data (potential security hole). Let's say you are
running the ReportServer as a domain user (mydomain\bob) and that you are
using integrated security between the Report Server and the Report Server
database. Now lets say a user who understands Reporting Services publishes a
report to the server that modifies the local ReportServer databse and
doesn't require credentials to run. Without an unattended execution account,
the system wakes up and tries to access the data as mydomain\bob, not
necessarily what the sysadmin wanted to happen.
--
Brian Welcker
Group Program Manager
SQL Server Reporting Services
This posting is provided "AS IS" with no warranties, and confers no rights.
"pgh" <pgh@.discussions.microsoft.com> wrote in message
news:1ED77F48-AD2B-496D-9D75-683AD3C833A8@.microsoft.com...
> After upgrading to SP1, we ran into the problem when using datasources
> without credentials. We know that we need to use rsconfig to set the user
> account for unattended operations. So far so good. But looking at the
> documentation and reading some of the threads here, I'm not clear on the
> specific values, and more importantly, *purposes* of the parameters.
> For example Tudor Trufinescu of Microsoft wrote that we should specify
> a'low-privelege' account. Why? What does RS need to access with this
> account?
> And this leads to some more specific questions that are not addressed in
> the documentation. In our case, we have a custom datasource consisting of
> an XML dataset which we create using a stored procedure before we even
> call RS to run the report.
> And then there's the question of the database parameter. Which database
> are we talking about? The ReportService database? If not, this seems to
> make no sense in our application, because we fill our XML file using a
> stored procedure run against an Oracle database through the Oracle .Net
> Managed Provider.
> Thanks.
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment