I'm a SQL Server DBA and will be playing the role of a
SQL2000 Reporting Services administrator. To tightly
control the environment and keep track of all the changes,
I'm considering to implement a policy that requires all
changes to Reporting Services and reports be released into
production via VB.NET scripts for rs.exe, and all such
scripts be submitted to me for review first.
I'd like to bounce this off you guys to see (1) whether
I'm going overboard, and (2) whether all changes can be
implemented via RS scripts.
JoeAs far as your first question, about going overboard... it's not clear to me
how this policy can be enforced. Users could just run any script, or write
their own app to talk to the server. If you really want to prevent users
from performing certain actions, I recommend using the built in security to
give users only the permissions they need for the actions you want them to
take.
As far as functionality... rs.exe has complete access to the SOAP API.
--
This posting is provided "AS IS" with no warranties, and confers no rights
"Joe Bourne" <anonymous@.discussions.microsoft.com> wrote in message
news:46ae01c4734b$5b917fa0$a401280a@.phx.gbl...
> I'm a SQL Server DBA and will be playing the role of a
> SQL2000 Reporting Services administrator. To tightly
> control the environment and keep track of all the changes,
> I'm considering to implement a policy that requires all
> changes to Reporting Services and reports be released into
> production via VB.NET scripts for rs.exe, and all such
> scripts be submitted to me for review first.
> I'd like to bounce this off you guys to see (1) whether
> I'm going overboard, and (2) whether all changes can be
> implemented via RS scripts.
> Joe|||Thanks, Brian!
I was thinking in the line of SQL Server's DDL vs DML, if
I can make such a similar distinction in SSRS. So
for 'DDL' type of changes, I'll try to enforce the rs
scripting requirement, whereas for 'DML' type of changes,
the users can make whatever changes however they want.
Just like in SQL Server, the users can
insert/delete/update their data with their permissions,
and I really don't care what they do. But when it comes to
schema changes, I make sure that thye submit scripts to me
first.
Now, can I classify SSRS tasks into 'DDL' and 'DML', and
assign security to allow DML changes only?
Joe
>--Original Message--
>As far as your first question, about going overboard...
it's not clear to me
>how this policy can be enforced. Users could just run
any script, or write
>their own app to talk to the server. If you really want
to prevent users
>from performing certain actions, I recommend using the
built in security to
>give users only the permissions they need for the actions
you want them to
>take.
>As far as functionality... rs.exe has complete access to
the SOAP API.
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights
>"Joe Bourne" <anonymous@.discussions.microsoft.com> wrote
in message
>news:46ae01c4734b$5b917fa0$a401280a@.phx.gbl...
>> I'm a SQL Server DBA and will be playing the role of a
>> SQL2000 Reporting Services administrator. To tightly
>> control the environment and keep track of all the
changes,
>> I'm considering to implement a policy that requires all
>> changes to Reporting Services and reports be released
into
>> production via VB.NET scripts for rs.exe, and all such
>> scripts be submitted to me for review first.
>> I'd like to bounce this off you guys to see (1) whether
>> I'm going overboard, and (2) whether all changes can be
>> implemented via RS scripts.
>> Joe
>
>.
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment