Sams Microsoft SQL Server 2008- P12

Chia sẻ: Thanh Cong | Ngày: | Loại File: PDF | Số trang:50

0
48
lượt xem
8
download

Sams Microsoft SQL Server 2008- P12

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'sams microsoft sql server 2008- p12', công nghệ thông tin, cơ sở dữ liệu phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:
Lưu

Nội dung Text: Sams Microsoft SQL Server 2008- P12

  1. Reporting Services Add-In for SharePoint 531 Report Server DB. Report Server ensures that the copy of the reports in Report Server DB is kept in sync with the master copy in the SharePoint Content DB via a catalog- 31 synchronization feature. Any metadata associated with the reports such as schedules, subscriptions, and snapshots for report history or report execution is stored only in the Report Server DB. Figure 31.1 shows catalog synchronization as a feature in Report Server in SharePoint inte- grated mode. This is a background process that is triggered automatically whenever a report item is created, updated, or retrieved. It ensures that the copies kept in Report Server DB are in sync with the SharePoint Content DB. When report items are deleted from the SharePoint site, the Report Server performs peri- odic verification and removes any copies from the Report Server database along with any associated report snapshots, subscriptions, and other metadata for the report. At daily intervals, the Report Server runs a cleanup process to verify that items stored in the Report Server database are associated with a report in the SharePoint Content database. The frequency of the cleanup process is controlled by the DailyCleanupMinuteofDay property in the RSReportServer.config file. Security Management For authentication, both the Windows integrated and trusted account modes are supported between SharePoint Server and Report Server. Figure 31.2 shows how the authentication information flows between the SharePoint and Report Server. WSS Web Windows Windows Application with User (Kerberos)User Windows Authentication Report Server Non- WSS Web Trusted Windows Application (non- Account and (non- Kerberos or Kerberos) Custom SharePoint User Authentication) User token FIGURE 31.2 Security authentication modes. In SharePoint integrated mode, SSRS uses a security extension to maintain report security in MOSS or WSS. SharePoint security features can be used to access report items from SharePoint sites and libraries. Once you integrate Report Server and SharePoint, the exist- ing site and list permissions for your users automatically give them permissions for Report Server operations. For example, the SharePoint View Item permission means the user can also view reports, whereas the Add Item permission translates to rights for creating new lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  2. 532 CHAPTER 31 SSRS 2008 SharePoint Integration Architecture reports, data sources, and report models on the SharePoint site. A list of SharePoint permissions and how they map to Report Server operations is provided in Chapter 33. Deployment Architecture Prerequisites for SSRS to integrate with SharePoint include the following: . Install SSRS 2008 in SharePoint integrated mode, which is available in the following editions: Developer, Evaluation, Standard, and Enterprise. . Install the same type and version of SharePoint WFE on the Report Server machine as is on the SharePoint Server that will be used for integration. Integration is supported for WSS 3.0 and MOSS 2007 Standard or Enterprise editions. If you inte- grate with WSS, install the WSS WFE on the Report Server machine; for MOSS, install the MOSS WFE. . Install the RS add-in on each SharePoint WFE that will be used to view and man- age reports. To plan your system architecture, here are the variations of deployment topologies to consider: . Single machine: Figure 31.3 shows all SSRS and SharePoint components working together on the same machine. Putting everything on a single computer may not be practical for an enterprise production deployment, but it is attractive in a develop- ment or testing environment to save costs (for example, hardware and software licensing costs). Single Box Clients Flat Files, OLE DB, Report Catalog MOSS or WSS Reporting Data Report Server ODBC IE Clients RS RS Server RSDB Add-in SharePoint WFE Clients SQL, AS, DB2, Oracle, Teradata, etc. FIGURE 31.3 Single-machine deployment of SSRS and SharePoint. . Distributed servers: It is common to separate the application server and database server on separate machines even for a single instance of SSRS or SharePoint Server. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  3. Summary 533 For example, you may have all the databases for SharePoint and Report Server on one machine, Report Server on another machine, and the SharePoint web applica- 31 tion on a third machine. As long as you install a SharePoint WFE on the Report Server machine and the RS add-in on the SharePoint web application, the deploy- ment topology is sound and provides better resource isolation between the servers. . Scalable deployments: To support a large number of users or workloads, multiple instances of the same server component can be deployed, such as multiple Report Servers or multiple SharePoint sites (also called a SharePoint farm). Figure 31.4 shows a series of computers being used for SSRS scale out and a series of computers being used for a SharePoint farm. NLB in Figure 31.4 stands for network load balancer. The entire SharePoint farm must be configured to use a virtual Report Server URL as a single point of entry. Individual SharePoint sites in a farm cannot be configured against different Report Servers. SSRS does not provide load-balancing features or the ability to configure a virtual server URL out of the box. Therefore, a hardware or software load-balancing solution must be used. SharePoint and SSRS Scaled Out RS Scale Out Deployment Clients SharePoint Farm RS RS Server Report Catalog Reporting Data Add-in SharePoint + SharePoint WFE WFE Flat Files, OLE DB, ODBC NLB NLB Clients RS RS Server Add-in SharePoint + SharePoint WFE WFE RS Server SQL, AS, RS Add-in SharePoint + SharePoint WFE DB2, Oracle, Clients Teradata, etc. WFE FIGURE 31.4 Multiple-machine deployment in a scale-out farm. Summary SSRS SharePoint integration is enabled via deep database and security integration between Report Server and SharePoint via the Report Server SharePoint integrated mode. An RS add- in is required to be installed on the SharePoint web application to view and manage reports and to interact with SSRS. All user actions are initiated via the SharePoint UI, which uses a proxy to communicate with Report Server and complete any actions on report items. A variety of deployment topologies can be picked for integration between SharePoint and SSRS, such as single machine, distributed servers, and scalable deployments. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  4. This page intentionally left blank lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  5. CHAPTER 32 IN THIS CHAPTER . Installing Reporting Services Installation of Reporting . Installing SharePoint Services Integrated with . Configuring Report Server in SharePoint Integrated Mode SharePoint . Installing Reporting Services Add-In for SharePoint . Configuring Report Server The preceding chapter covered deployment architectures, Integration Via SharePoint which can help you to decide whether to integrate Central Administration SharePoint with Reporting Services on a single machine, . Upgrading from SSRS2K5 SP2 distributed servers, or scalable farms. . Scaling-Out Deployments Traditionally, you can launch Microsoft software installa- tion by clicking setup.exe without much planning and . Troubleshooting troubleshoot if something goes wrong. Customers have found that installation and configuration of the integration between SharePoint and Reporting Services can be hard to troubleshoot. There might also be additional steps needed to configure your specific deployment environment. Therefore, we highly recommend that you spend some time planning the list of tasks for your integrated deployment before you actually start installation. The recommended order for setup and configuration is as follows: 1. Install Reporting Services. 2. Install SharePoint. 3. Configure Report Server for SharePoint mode. 4. Install the RS add-in for SharePoint. 5. Configure SharePoint to work with Report Server. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  6. 536 CHAPTER 32 Installation of Reporting Services Integrated with SharePoint NOTE Basic (default) installation of SharePoint Server will install an Embedded Edition of SQL Server that is used for storing the SharePoint Content and Configuration databases. If you are installing SharePoint Server and Reporting Services on the same machine, note that Reporting Services cannot use the Embedded Edition of SQL Server for stor- age. You will have to install a database engine from the SQL Server CD along with Reporting Services. Installing Reporting Services Follow the steps from Chapter 6, “Installing Reporting Services.” Step 10 and Figure 6.9 show how to specify the installation mode on the Reporting Services Configuration page. To pick the default configuration for SharePoint integrated mode installation, select the Install the SharePoint Integrated Mode Default Configuration option. This option will configure the Report Server web service, Report Server database, the service account, and connections needed for access. An alternative is to pick the Install, but Do Not Configure the Report Server option. This is called a Files Only mode of installation. This will require post-installation configuration steps that provide more opportunities to pick URLs, port numbers, and names for web services and databases. Installing SharePoint You can do a fresh install of Windows SharePoint Services 3.0 (WSS) or Microsoft Office SharePoint Server 2007 (MOSS) or use existing SharePoint deployments to integrate with Reporting Services. Refer to tutorials or books on WSS and MOSS for information about topics such as administration of SharePoint farms. For many readers, you are likely to have existing installations of WSS or MOSS, and your SharePoint administrator can help you with the integration tasks. If you are installing a new SharePoint Server, you can reduce the number of database engines to manage by reusing the SQL Server 2008 database you just installed with SSRS 2008 as your storage location for SharePoint. NOTE If your deployment topology includes installing the Report Server and SharePoint Server on separate machines, remember to install a SharePoint Web Front End (WFE) on the Report Server computer, too. The WFE type and version should be the same as on the SharePoint Server (WSS or MOSS) that you are integrating with SSRS. Follow steps 1 through 3 described in the instructions to set up WSS 3.0. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  7. Configuring Report Server in SharePoint Integrated Mode 537 Here are the basic steps to set up WSS 3.0 to use for reporting integration: 1. WSS 3.0 is available as a free download as a setup file called SharePoint.exe. Download it and launch SharePoint.exe. 2. Click the Advanced installation type and select Web Front End. 3. To configure the WFE, use the SharePoint Configuration Wizard. If you are installing 32 just a WFE on the machine, choose the Connect to an Existing Server Farm option and you should be done. 4. To continue to set up a new SharePoint Server, choose the Create a New Server Farm option. 5. Pick the database server where the SharePoint Configuration database should live. Note that if you have installed SSRS 2008 already, you can try to use the same data- base as Reporting Services. You will need to specify Windows account credentials for WSS to connect to the database. We recommend using a domain account. 6. Create a web application and site collection via the SharePoint Central Administration application. 7. From the Application Management tab, click the Create or Extend Web Application link and choose Create a New Web Application. 8. Choose the Use an Existing IIS Web Site option to use the default website. 9. Choose to Create New Application Pool and select the Network service account as the security account for the application. 10. Click the Create Site Collection link on the Application Created page and pick a name for the portal site. 11. Enter a Windows domain account as your primary site collection administrator. A new site collection is created with a top-level site (for example, http://servername). 12. If you want, you can create a new subsite (for example, reports) from the top-level site using the Site Actions drop-down menu on the top right. Now http://servername/reports is ready to host any documents (in this case, reports). Configuring Report Server in SharePoint Integrated Mode You can use the Report Server Configuration tool to create a Report Server database in SharePoint integrated mode and configure the Report Server Service. Chapter 34, “Tools Support for SSRS Integrated with SharePoint,” is about using tools with SharePoint mode, and Figure 34.3 shows the Report Server Database Configuration Wizard, which you can use to create the Report Server database in SharePoint mode. Note that you have to configure the Report Server Service to run under a domain account if Report Server and application databases are on one computer and the SharePoint web application is on another computer. Chapter 33, “SharePoint Mode Administration,” provides more information about security. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  8. 538 CHAPTER 32 Installation of Reporting Services Integrated with SharePoint Installing the RS Add-In for SharePoint Go to www.microsoft.com/downloads and search for “Reporting Services add-in for SharePoint.” NOTE There are multiple versions of the SSRS add-in. You need to download the 2008 Reporting Services add-in for SharePoint for the language of your choice. Version 10.00.2531.00 released on April 7, 2009 is the most current update and includes the Report Builder 2.0 Click Once update (www.microsoft.com/downloads/ details.aspx?displaylang=en&FamilyID=58edd0e4-255b-4361-bd1e-e530d5aab78f). Run the rsSharePoint.msi on each SharePoint Web Front End (WFE) that is part of your SharePoint farm and will be used to run and manage reports. Doing so requires SharePoint farm administrator privileges. Configuring Report Server Integration Via SharePoint Central Administration Launch your SharePoint 3.0 Central Administration and click the Application Management tab (see Figure 32.1). FIGURE 32.1 SharePoint Central Administration: Reporting Services management. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  9. Configuring Report Server Integration Via SharePoint Central Administration 539 If the RS add-in for SharePoint was properly installed and activated, you should see a section for Reporting Services with the following links: Grant Database Access, Manage Integration Settings, and Set Server Defaults. If you don’t see these links, navigate to Site Actions, Site Settings, Site Collection Features, and find Report Server Integration Feature in the list and click Activate (see Figure 32.2 and Figure 32.3). 32 FIGURE 32.2 SharePoint Central Administration: Site Collection Features. FIGURE 32.3 SharePoint Central Administration: Activate Report Server Integration Feature. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  10. 540 CHAPTER 32 Installation of Reporting Services Integrated with SharePoint Once the Reporting Services section shows up under Application Management, you can use the various links under it to configure SharePoint to talk to Report Server. First, click Manage Integration Settings (see Figure 32.4). In the first field, you can specify the Report Server web service URL, which represents the target Report Server in SharePoint mode. This is the same value as the web service URL from the Reporting Services Configuration tool. The second field is a drop-down choice for authentication mode (between Windows authentication or trusted authentication), which can be selected based on what type of authentication mode is used for the SharePoint web application. FIGURE 32.4 Reporting Services Application Management: Manage Integration Settings. Now, click Grant Database Access (see Figure 32.5) to allow the Report Server Service to access the SharePoint Configuration and Content databases. Specify the Report Server name and database instance name. When you click OK, a pop-up dialog will request credentials for connecting to the Report Server. FIGURE 32.5 Reporting Services Application Management: Grant Database Access. The last link under Reporting Services Application Management is Set Server Defaults (see Figure 32.6). lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  11. Configuring Report Server Integration Via SharePoint Central Administration 541 32 FIGURE 32.6 Reporting Services Application Management: Set Server Defaults. The Set Server Defaults option enables you to specify the default for the following Reporting Services features: . Report History Default: The ability to limit the default number of snapshots that can be stored for each report. . Report Processing Timeout: The ability to time out report processing after certain number of seconds. . Report Processing Log: The ability to generate trace logs for report processing. . Enable Windows Integrated Security: The ability to connect to report data sources with the user’s Windows security credentials. . Enable Ad Hoc Reporting: The ability to control whether users can perform ad hoc queries from a Report Builder report. If this is not set, the Report Server will not generate clickthrough reports for reports that use a report model as a data source. . Custom Report Builder Launch URL: The ability to specify the launch URL for the Report Builder that ships with SQL Server 2008 or Report Builder 2.0. If you are using a SharePoint farm or a scale-out reporting deployment topology and don’t want to repeat these configuration steps manually on each server, you can use SSRS programmability to create configuration scripts. Chapter 33 shows a code sample of how to do that. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  12. 542 CHAPTER 32 Installation of Reporting Services Integrated with SharePoint Upgrading from SSRS2K5 SP2 If you were already using Reporting Services 2005 SP2 in SharePoint integrated mode, you can upgrade the 2005 SP2 Report Server to 2008, and you can also do an in-place upgrade of the 2005 SP2 Reporting Services add-in for SharePoint with the 2008 version. Scaling-Out Deployments Here are some security account prerequisites for multiple-server deployments: . Create or use an existing domain user account to connect the SharePoint WFE to the SharePoint Configuration database. Server farms require that you use domain accounts for services and database connections. Otherwise, you will get Access Denied errors. . Create a SQL Server database login for the domain account with DBCreator permissions. . Configure the SharePoint application pool process account to run as a domain user. . Configure the Report Server Service to run as a domain user account. Traditional steps for setting up SharePoint farms (refer to SharePoint documentation or books) and scale-out Reporting Services can be applied. Here are some additional princi- ples that have to be followed for SSRS scale-out deployments with SharePoint: . All Report Servers in a scale-out deployment must run in SharePoint integrated mode. It is not possible to mix and match modes. . The instance of the SharePoint product (WSS 3.0 or MOSS 2007) that you install on the Report Server must be the same version as the other nodes in the farm. . There must be a single URL for the scale-out deployment that is used for configura- tions in SharePoint farms because there is no support for configuring an individual SharePoint WFE with individual Report Servers. You can create a single point of entry to the scale-out deployment via a URL that resolves to a virtual IP for the NLB cluster for Report Server instances. Make sure you install the minimum SharePoint installation such as WFE on the SSRS machines. Otherwise, you will see the error The Report Server cannot access settings in the SharePoint Configuration database. NOTE SQL Server Books Online has a helpful article available titled “How to Configure SharePoint Integration on Multiple Servers” (http://technet.microsoft.com/en-us/ library/bb677365.aspx). There is also a helpful blog post on distributed server deployment for SharePoint inte- grated mode at http://mosshowto.blogspot.com/2009/03/reporting-services-share point-multiple.html. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  13. Summary 543 Troubleshooting As mentioned at the beginning of this chapter, customers find various challenges (installa- tion and configuration) when integrating SharePoint with Reporting Services. Some useful tips are listed here. If you run into further problems, see Appendix A, “References and Additional Reading,” for a list of resources (white papers, blogs, and newsgroups) that may 32 help you to resolve various issues. . Problems on domain controllers: If the “Grant database access” step fails with A new member could not be added to a local group because the member has the wrong account type error, make sure your Report Server services accounts are domain accounts on a domain controller. Otherwise, you will get an error when you try to add the account to the local WSS_WPG group. . Problems installing the RS add-in for SharePoint: If you see User does not have permission to add feature to site collection, locate the installation log created by the RS add-in MSI in the Temp folder (:\Documents and Settings\\Local Settings\Temp\RS_SP_.log). You should be able to locate log entries such as the following: Activating feature to root site collection: ******* User does not have permission to add feature to site collection: ➥ This means that the RS integration feature was installed, but the feature might not be activated for the , because the user who ran the MSI was not a site collection administrator. To view the RS integration feature in the site, you need the site collection administrator to activate the Report Server feature. NOTE There is a white paper titled “Troubleshooting Integration with SQL Server 2005 and Microsoft SharePoint Technologies” at http://msdn.microsoft.com/en-us/library/ bb969101.aspx. Even though it was created for 2005 SP2, it is relevant for 2008 inte- gration, too. Summary Plan your deployment architecture for integrating Reporting Services with SharePoint care- fully and follow these setup steps in this order: 1. Install Reporting Services. 2. Install SharePoint technology. 3. Configure Report Server for SharePoint mode. 4. Install the RS add-in for SharePoint. lease purchase PDF Split-Merge on work with Report Server. remove this watermark. 5. Configure SharePoint to www.verypdf.com to
  14. This page intentionally left blank lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  15. CHAPTER 33 IN THIS CHAPTER . Security Overview SharePoint Mode . User Authentication with SharePoint Administration . Windows Integrated Security . Trusted Account with Windows or Forms Authentication . User Authorization with Installation and configuration of Reporting Services inte- SharePoint grated with SharePoint is more than half the challenge for administration. . Programmability . Configuration Code Sample Here is a basic checklist that you should have completed during installation: . Setting Up Kerberos Authentication . Install a SharePoint Web Front End (WFE) on the Report Server machine. . Install the Reporting Services add-in on the SharePoint Server. . Activate the Report Server feature in SharePoint Central Administration. . Create or point to a Report Server database in SharePoint integrated mode via the Reporting Services Configuration tool. . Configure Report Server integration via SharePoint Central Administration. If you did not complete any of those steps, refer for instruc- tions to Chapter 32, “Installation of Reporting Services Integrated with SharePoint.” The other challenges for administration are security, autho- rization, and programmability. The rest of the chapter covers these areas. Security Overview For SharePoint integrated mode, the Report Server uses the authentication and authorizations defined in the lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  16. 546 CHAPTER 33 SharePoint Mode Administration SharePoint web application to control access to report operations. This makes administra- tion much simpler and primarily driven by the SharePoint administrator. Reporting Services will process requests based on the SharePoint web application authenti- cation settings, such as the following: . Windows with integrated security (Kerberos enabled) . Windows without impersonation . Forms authentication Kerberos is better compared to NTLM when multiple hops are required. So, it is good for single-server or multiserver deployment scenarios and when external data sources are involved that use Windows integrated credentials. Custom security extensions for Reporting Services are not supported with SharePoint integrated mode. All access to a Report Server in SharePoint Integrated mode originates from the SharePoint web application. Report Server just sticks to the SharePoint authenti- cation scheme. Authorization to access Report Server items from SharePoint sites and libraries is mapped to the built-in permission model for SharePoint. This means that after SharePoint is inte- grated with Reporting Services, the existing permission levels of SharePoint users (for example, Read, Contribute, or Full Control) for the site will apply to report operations, too. This allows users to publish reports, view reports, create subscriptions, or manage report items such as data sources. Reports (.rdl), report models (.smdl), and report data sources (.rds) are SharePoint docu- ment library items. One of the various menu actions available on these report items is Manage Permissions. This enables users to set individualized permissions on report items and is described further in Chapter 36, “Managing Reports in SharePoint.” User Authentication with SharePoint Reporting Services process requests are based on the SharePoint web application authenti- cation settings. Two basic authentication workflows are used between SharePoint and the Report Server: . Windows integrated security . Trusted account So how do you choose between Windows integrated or trusted account authentication? Use the Windows Integrated option for Kerberos-enabled environments and in single-box deployment scenarios. Use Trusted Account mode for forms-based authentication, Windows authentication when impersonation is not enabled, and other scenarios. If you are having trouble setting up Kerberos, consider using Trusted Account mode to at least set up and verify that RS integration with SharePoint works. After you have fixed your Kerberos issues, you can choose to switch to using Windows integrated. For help with Kerberos, see the section on setting up Kerberos authentication. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  17. Windows Integrated Security 547 An understanding of the various security connections that are involved in completing a reporting request from a SharePoint site comes in handy when planning or troubleshoot- ing security for your deployment. Windows Integrated Security Figure 33.1 shows the authentication workflow for a SharePoint application that is config- ured to use Windows integrated security and is integrated with Reporting Services. The components in the diagram should be familiar from the chapter on the architecture of SharePoint integration with Reporting Services. 33 SharePoint WFE Report Server (Service Acct. = User2) 2 4 1 (User1) (User1) Render Security Data Management HTTP Req HTTP Req Extension (User1) Report SSRS Viewer 3 Proxy web part Processing On- (User1) and Demand HTTP Rsp (User1) Rendering Sync HTTP 6 RESPONSE 5 (User1) SharePoint Object Model User1 Report SharePoint Config/ContentDB Server DB FIGURE 33.1 Authentication workflow using Windows integrated security. To understand the various connections involved in the workflow, follow the numbered arrows in Figure 33.1: 1. Windows User1 makes a request to render a report from the Report Viewer web part via SharePoint. 2. The Reporting Services proxy connects to Report Server using the Windows User1 credentials and token. 3. If the connection is successful, Report Server needs to verify whether User1 has permissions to access and render the report. This is done by connecting to the SharePoint object model to verify the SharePoint permissions for User1 for the report. 4. If access is allowed, the Report Server proceeds to render the report. 5. Report Server will use the User1 credentials to retrieve and sync the latest copy of the report from the SharePoint Content DB and then execute the report. 6. The report results are sent back to be displayed in the Report Viewer. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  18. 548 CHAPTER 33 SharePoint Mode Administration Trusted Account with Windows or Forms Authentication Figure 33.2 shows the authentication workflow for a SharePoint application that is config- ured to use forms authorization or Windows without Kerberos. It relies on a predefined trusted account that has permission to impersonate a SharePoint user on the Report Server. SharePoint WFE Report Server (Service Acct. = User2) 3 1 (User1) (User1) Render Security Data Management HTTP Req HTTP Req (User1 SP Mgmt Report (User1 SP Token) SSRS Viewer Token) 4 Proxy 5 web part 8 Processing On- (User1) and Demand HTTP Rsp (User2) Rendering Sync HTTP SOAP 7 RESPONSE 6 (User1) User1 Sharepoint 2 Token SharePoint Object Model SharePoint Object User1 Model Report SharePoint Config/ContentDB Server DB FIGURE 33.2 Authentication workflow using trusted account authorization. To understand the various connections involved in the workflow, follow the numbered arrows in Figure 33.2: 1. Windows User1 makes a request to render a report from the Report Viewer web part via SharePoint. 2. The SharePoint web application authenticates User1 against the SharePoint object model and creates a SharePoint user token that contains the user identity and group membership for User1. 3. The Reporting Services proxy connects to Report Server using User2, the trusted Windows service account under which the SharePoint web farm is running, and sends along the User1 SharePoint user token. 4. The Report Server validates whether the connection request is from a trusted account by comparing User2 to account information that the Report Server retrieved from the SharePoint Configuration databases when the Report Server started. 5. If the authentication is valid, the rendering request can proceed along with the User1 SharePoint user token. 6. Report Server needs to verify whether the User1 SharePoint token contains the user identity and permissions needed to access and render the report. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  19. User Authorization with SharePoint 549 7. If access is allowed, the Report Server retrieves and syncs the latest copy of the report from the SharePoint Content DB, and then executes the report. 8. Report Server returns the report results back to the SharePoint WFE using the Windows trusted account, User2. 9. Reporting Services proxy returns the report results back to the Report Viewer web part via the original User1 connection. User Authorization with SharePoint 33 Authorization to access Report Server items from SharePoint sites and libraries is mapped to the built-in permission model for SharePoint. So, you need to start with a basic under- standing of the SharePoint permissions model, which allows securing SharePoint sites and documents. Inheritance is supported to apply permissions from the site level to all subsites and from folders to all its documents. Permissions are grouped into sets of permis- sion levels that can be granted to SharePoint users or groups. Five default permission levels are available in SharePoint: Full Control, Design, Contribute, Read, and Limited Access. Think of these as default roles that can be applied to users. SharePoint also provides default groups that map to some of the predefined permission levels. Adding users who need to use reports to these default groups is the easiest way to give them the appropriate level of access to reports. Most of the SharePoint users may already belong to one of more of these groups: . Visitors: This group has the Read permission level. Visitors can view reports and create subscriptions. . Members: This group has the Contribute permission level. Members can create new reports, models, report data sources, and other report items in SharePoint or publish them from design tools to SharePoint. . Owners: This group has Full Control. Owners can create, manage, and secure all report items and operations. Another way to look at it is to map traditional Reporting Services roles from native mode to SharePoint groups: . Content Manager: This role has full permissions to all items and operations. This can be mapped to the Owners group in SharePoint. . Publisher: This role allows adding and editing of reports, models, and data sources. This can be mapped to the Members group. . Browser: This role allows viewing reports and managing individual subscriptions. This can be mapped to the Visitors group. . Report Builder: This role allows viewing reports, managing individual subscrip- tions, and opening and editing reports in Report Builder. The Members and Owners groups provide these rights, but they provide other privileges, too. If you don’t want your Report Builder users to have those privileges, you can create a custom group in SharePoint and assign limited permissions. lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  20. 550 CHAPTER 33 SharePoint Mode Administration . System User, System Administrator, My Reports: These roles don’t have an equivalent mapping because they are not relevant in SharePoint mode. Table 33.1 is a reference list of SharePoint permissions, regardless of whether they are included in default SharePoint groups, and the Report Server operations that get enabled with the permission. TABLE 33.1 SharePoint Permissions SharePoint Owners Members Visitors Report Server Operation Permission Manage X Create a folder in a SharePoint Lists library Manage report history Add Items X X Add reports, report models, shared data sources, and external image files to SharePoint libraries Create shared data sources Generate report models from shared data sources Start Report Builder and create a new report or load a model into Report Builder Edit Items X X Edit or replace report, model, data source, and dependent report items Create report history snapshots or view past versions of report history snapshots Set report processing options and parameters Open model or model-based report in Report Builder and save changes Assign clickthrough reports to enti- ties in a model Customize Report Viewer web part for specific report lease purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Đồng bộ tài khoản