Security Management For authentication, both the Windows integrated and trusted account modes aresupported between SharePoint Server and Report Server.. For example, the SharePoint View
Trang 1Reporting Services Add-In for SharePoint
Report Server DB Report Server ensures that the copy of the reports in Report Server
DB is kept in sync with the master copy in the SharePoint Content DB via a synchronization feature Any metadata associated with the reports such as schedules,subscriptions, and snapshots for report history or report execution is stored only inthe Report Server DB
catalog-Figure 31.1 shows catalog synchronization as a feature in Report Server in SharePoint grated mode This is a background process that is triggered automatically whenever areport item is created, updated, or retrieved It ensures that the copies kept in ReportServer DB are in sync with the SharePoint Content DB
inte-When report items are deleted from the SharePoint site, the Report Server performs odic verification and removes any copies from the Report Server database along with anyassociated report snapshots, subscriptions, and other metadata for the report At dailyintervals, the Report Server runs a cleanup process to verify that items stored in the ReportServer database are associated with a report in the SharePoint Content database Thefrequency of the cleanup process is controlled by the DailyCleanupMinuteofDayproperty
peri-in the RSReportServer.configfile
Security Management
For authentication, both the Windows integrated and trusted account modes aresupported between SharePoint Server and Report Server Figure 31.2 shows how theauthentication information flows between the SharePoint and Report Server
In SharePoint integrated mode, SSRS uses a security extension to maintain report security
in MOSS or WSS SharePoint security features can be used to access report items fromSharePoint sites and libraries Once you integrate Report Server and SharePoint, the exist-ing site and list permissions for your users automatically give them permissions for ReportServer operations For example, the SharePoint View Item permission means the user canalso view reports, whereas the Add Item permission translates to rights for creating new
Windows (Kerberos)User
WSS Web Application with Windows Authentication
Report Server
WSS Web Application (non- Kerberos or Custom Authentication)
Windows (non- Kerberos) User
Non-Windows User
Trusted Account and SharePoint User token
FIGURE 31.2 Security authentication modes
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 2reports, data sources, and report models on the SharePoint site A list of SharePoint
permissions and how they map to Report Server operations is provided in Chapter 33
Deployment Architecture
Prerequisites for SSRS to integrate with SharePoint include the following:
Install SSRS 2008 in SharePoint integrated mode, which is available in the following
editions: Developer, Evaluation, Standard, and Enterprise
Install the same type and version of SharePoint WFE on the Report Server machine
as is on the SharePoint Server that will be used for integration Integration issupported for WSS 3.0 and MOSS 2007 Standard or Enterprise editions If you inte-grate with WSS, install the WSS WFE on the Report Server machine; for MOSS,install the MOSS WFE
Install the RS add-in on each SharePoint WFE that will be used to view and
man-age reports
To plan your system architecture, here are the variations of deployment topologies to
consider:
Single machine: Figure 31.3 shows all SSRS and SharePoint components working
together on the same machine Putting everything on a single computer may not bepractical for an enterprise production deployment, but it is attractive in a develop-ment or testing environment to save costs (for example, hardware and softwarelicensing costs)
Distributed servers: It is common to separate the application server and database
server on separate machines even for a single instance of SSRS or SharePoint Server
RS Add-in
RS Server RSDB
Flat Files, OLE DB, ODBC
SQL, AS, DB2, Oracle, Teradata, etc.
MOSS or WSS Report Server
Report Catalog Reporting Data
Single Box
FIGURE 31.3 Single-machine deployment of SSRS and SharePoint
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 3Scalable deployments: To support a large number of users or workloads, multiple
instances of the same server component can be deployed, such as multiple ReportServers or multiple SharePoint sites (also called a SharePoint farm) Figure 31.4 shows
a series of computers being used for SSRS scale out and a series of computers beingused for a SharePoint farm NLB in Figure 31.4 stands for network load balancer Theentire SharePoint farm must be configured to use a virtual Report Server URL as asingle point of entry Individual SharePoint sites in a farm cannot be configuredagainst different Report Servers SSRS does not provide load-balancing features or theability to configure a virtual server URL out of the box Therefore, a hardware orsoftware load-balancing solution must be used
SummarySSRS SharePoint integration is enabled via deep database and security integration betweenReport Server and SharePoint via the Report Server SharePoint integrated mode An RS add-
in is required to be installed on the SharePoint web application to view and managereports and to interact with SSRS All user actions are initiated via the SharePoint UI, whichuses a proxy to communicate with Report Server and complete any actions on report items
A variety of deployment topologies can be picked for integration between SharePoint andSSRS, such as single machine, distributed servers, and scalable deployments
SQL, AS, DB2, Oracle, Teradata, etc.
NLB
RS Server + SharePoint WFE
RS Server + SharePoint WFE
RS Server + SharePoint WFE
RS Add-in SharePoint WFE
RS Add-in SharePoint WFE
RS Add-in SharePoint WFE
Report Catalog Reporting Data
SharePoint and SSRS Scaled Out
FIGURE 31.4 Multiple-machine deployment in a scale-out farm
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 4This page intentionally left blank
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 5Upgrading from SSRS2K5 SP2
Scaling-Out Deployments
Troubleshooting
The preceding chapter covered deployment architectures,
which can help you to decide whether to integrate
SharePoint with Reporting Services on a single machine,
distributed servers, or scalable farms
Traditionally, you can launch Microsoft software
installa-tion by clicking setup.exewithout much planning and
troubleshoot if something goes wrong Customers have
found that installation and configuration of the integration
between SharePoint and Reporting Services can be hard to
troubleshoot There might also be additional steps needed
to configure your specific deployment environment
Therefore, we highly recommend that you spend some time
planning the list of tasks for your integrated deployment
before you actually start installation
The recommended order for setup and configuration is as
follows:
1 Install Reporting Services
2 Install SharePoint
3 Configure Report Server for SharePoint mode
4 Install the RS add-in for SharePoint
5 Configure SharePoint to work with Report Server
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 6NOTE
Basic (default) installation of SharePoint Server will install an Embedded Edition of SQL
Server that is used for storing the SharePoint Content and Configuration databases If
you are installing SharePoint Server and Reporting Services on the same machine,
note that Reporting Services cannot use the Embedded Edition of SQL Server for
stor-age You will have to install a database engine from the SQL Server CD along with
Reporting Services
Installing Reporting Services
Follow the steps from Chapter 6, “Installing Reporting Services.” Step 10 and Figure 6.9
show how to specify the installation mode on the Reporting Services Configuration page
To pick the default configuration for SharePoint integrated mode installation, select the
Install the SharePoint Integrated Mode Default Configuration option This option will
configure the Report Server web service, Report Server database, the service account, and
connections needed for access
An alternative is to pick the Install, but Do Not Configure the Report Server option This is
called a Files Only mode of installation This will require post-installation configuration
steps that provide more opportunities to pick URLs, port numbers, and names for web
services and databases
Installing SharePoint
You can do a fresh install of Windows SharePoint Services 3.0 (WSS) or Microsoft Office
SharePoint Server 2007 (MOSS) or use existing SharePoint deployments to integrate with
Reporting Services Refer to tutorials or books on WSS and MOSS for information about
topics such as administration of SharePoint farms For many readers, you are likely to have
existing installations of WSS or MOSS, and your SharePoint administrator can help you
with the integration tasks
If you are installing a new SharePoint Server, you can reduce the number of database
engines to manage by reusing the SQL Server 2008 database you just installed with SSRS
2008 as your storage location for SharePoint
NOTE
If your deployment topology includes installing the Report Server and SharePoint Server
on separate machines, remember to install a SharePoint Web Front End (WFE) on the
Report Server computer, too The WFE type and version should be the same as on the
SharePoint Server (WSS or MOSS) that you are integrating with SSRS Follow steps 1
through 3 described in the instructions to set up WSS 3.0
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 7Configuring Report Server in SharePoint Integrated Mode
Here are the basic steps to set up WSS 3.0 to use for reporting integration:
1 WSS 3.0 is available as a free download as a setup file called SharePoint.exe.Download it and launch SharePoint.exe
2 Click the Advanced installation type and select Web Front End
3 To configure the WFE, use the SharePoint Configuration Wizard If you are installingjust a WFE on the machine, choose the Connect to an Existing Server Farm optionand you should be done
4 To continue to set up a new SharePoint Server, choose the Create a New ServerFarm option
5 Pick the database server where the SharePoint Configuration database should live
Note that if you have installed SSRS 2008 already, you can try to use the same base as Reporting Services You will need to specify Windows account credentials forWSS to connect to the database We recommend using a domain account
data-6 Create a web application and site collection via the SharePoint CentralAdministration application
7 From the Application Management tab, click the Create or Extend Web Applicationlink and choose Create a New Web Application
8 Choose the Use an Existing IIS Web Site option to use the default website
9 Choose to Create New Application Pool and select the Network service account asthe security account for the application
10 Click the Create Site Collection link on the Application Created page and pick aname for the portal site
11 Enter a Windows domain account as your primary site collection administrator Anew site collection is created with a top-level site (for example, http://servername)
12 If you want, you can create a new subsite (for example, reports) from the top-levelsite using the Site Actions drop-down menu on the top right Now
http://servername/reportsis ready to host any documents (in this case, reports)
Configuring Report Server in SharePoint Integrated Mode
You can use the Report Server Configuration tool to create a Report Server database inSharePoint integrated mode and configure the Report Server Service
Chapter 34, “Tools Support for SSRS Integrated with SharePoint,” is about using tools withSharePoint mode, and Figure 34.3 shows the Report Server Database ConfigurationWizard, which you can use to create the Report Server database in SharePoint mode
Note that you have to configure the Report Server Service to run under a domain account
if Report Server and application databases are on one computer and the SharePoint webapplication is on another computer Chapter 33, “SharePoint Mode Administration,”
provides more information about security
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 8FIGURE 32.1 SharePoint Central Administration: Reporting Services management
Installing the RS Add-In for SharePoint
Go to www.microsoft.com/downloads and search for “Reporting Services add-in for
SharePoint.”
NOTE
There are multiple versions of the SSRS add-in You need to download the 2008
Reporting Services add-in for SharePoint for the language of your choice Version
10.00.2531.00 released on April 7, 2009 is the most current update and includes the
Report Builder 2.0 Click Once update (www.microsoft.com/downloads/
details.aspx?displaylang=en&FamilyID=58edd0e4-255b-4361-bd1e-e530d5aab78f)
Run the rsSharePoint.msion each SharePoint Web Front End (WFE) that is part of your
SharePoint farm and will be used to run and manage reports Doing so requires SharePoint
farm administrator privileges
Configuring Report Server Integration Via
SharePoint Central Administration
Launch your SharePoint 3.0 Central Administration and click the Application
Management tab (see Figure 32.1)
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 9Configuring Report Server Integration Via SharePoint Central Administration
If the RS add-in for SharePoint was properly installed and activated, you should see asection for Reporting Services with the following links: Grant Database Access, ManageIntegration Settings, and Set Server Defaults If you don’t see these links, navigate to SiteActions, Site Settings, Site Collection Features, and find Report Server Integration Feature
in the list and click Activate (see Figure 32.2 and Figure 32.3)
FIGURE 32.2 SharePoint Central Administration: Site Collection Features
FIGURE 32.3 SharePoint Central Administration: Activate Report Server Integration Feature
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 10ptgFIGURE 32.4 Reporting Services Application Management: Manage Integration Settings.
FIGURE 32.5 Reporting Services Application Management: Grant Database Access
Once the Reporting Services section shows up under Application Management, you can
use the various links under it to configure SharePoint to talk to Report Server
First, click Manage Integration Settings (see Figure 32.4) In the first field, you can specify
the Report Server web service URL, which represents the target Report Server in SharePoint
mode This is the same value as the web service URL from the Reporting Services
Configuration tool The second field is a drop-down choice for authentication mode
(between Windows authentication or trusted authentication), which can be selected based
on what type of authentication mode is used for the SharePoint web application
Now, click Grant Database Access (see Figure 32.5) to allow the Report Server Service to
access the SharePoint Configuration and Content databases Specify the Report Server
name and database instance name When you click OK, a pop-up dialog will request
credentials for connecting to the Report Server
The last link under Reporting Services Application Management is Set Server Defaults (see
Figure 32.6)
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 11Report History Default: The ability to limit the default number of snapshots that
can be stored for each report
Report Processing Timeout: The ability to time out report processing after certain
number of seconds
Report Processing Log: The ability to generate trace logs for report processing.
Enable Windows Integrated Security: The ability to connect to report data
sources with the user’s Windows security credentials
Enable Ad Hoc Reporting: The ability to control whether users can perform ad
hoc queries from a Report Builder report If this is not set, the Report Server will notgenerate clickthrough reports for reports that use a report model as a data source
Custom Report Builder Launch URL: The ability to specify the launch URL for
the Report Builder that ships with SQL Server 2008 or Report Builder 2.0
If you are using a SharePoint farm or a scale-out reporting deployment topology and don’twant to repeat these configuration steps manually on each server, you can use SSRSprogrammability to create configuration scripts Chapter 33 shows a code sample of how
to do that
FIGURE 32.6 Reporting Services Application Management: Set Server Defaults
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 12Upgrading from SSRS2K5 SP2
If you were already using Reporting Services 2005 SP2 in SharePoint integrated mode, you
can upgrade the 2005 SP2 Report Server to 2008, and you can also do an in-place upgrade
of the 2005 SP2 Reporting Services add-in for SharePoint with the 2008 version
Scaling-Out Deployments
Here are some security account prerequisites for multiple-server deployments:
Create or use an existing domain user account to connect the SharePoint WFE to the
SharePoint Configuration database Server farms require that you use domainaccounts for services and database connections Otherwise, you will get AccessDeniederrors
Create a SQL Server database login for the domain account with DBCreator
permissions
Configure the SharePoint application pool process account to run as a domain user
Configure the Report Server Service to run as a domain user account
Traditional steps for setting up SharePoint farms (refer to SharePoint documentation or
books) and scale-out Reporting Services can be applied Here are some additional
princi-ples that have to be followed for SSRS scale-out deployments with SharePoint:
All Report Servers in a scale-out deployment must run in SharePoint integrated
mode It is not possible to mix and match modes
The instance of the SharePoint product (WSS 3.0 or MOSS 2007) that you install on
the Report Server must be the same version as the other nodes in the farm
There must be a single URL for the scale-out deployment that is used for
configura-tions in SharePoint farms because there is no support for configuring an individualSharePoint WFE with individual Report Servers You can create a single point ofentry to the scale-out deployment via a URL that resolves to a virtual IP for the NLBcluster for Report Server instances
Make sure you install the minimum SharePoint installation such as WFE on the SSRS
machines Otherwise, you will see the error The Report Server cannot access settings
in the SharePoint Configuration database
NOTE
SQL Server Books Online has a helpful article available titled “How to Configure
SharePoint Integration on Multiple Servers” (http://technet.microsoft.com/en-us/
library/bb677365.aspx)
There is also a helpful blog post on distributed server deployment for SharePoint
inte-grated mode at http://mosshowto.blogspot.com/2009/03/reporting-services-share
point-multiple.html
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 13(installa- Problems on domain controllers: If the “Grant database access” step fails with Anew member could not be added to a local group because the member has thewrong account typeerror, make sure your Report Server services accounts aredomain accounts on a domain controller Otherwise, you will get an error when youtry to add the account to the local WSS_WPG group.
Problems installing the RS add-in for SharePoint: If you see User does nothave permission to add feature to site collection, locate the installation logcreated by the RS add-in MSI in the Temp folder (<Drive>:\Documents and
Settings\<user_name>\Local Settings\Temp\RS_SP_<number>.log) You should beable to locate log entries such as the following:
Activating feature to root site collection: <sharepoint_site_collection>
******* User does not have permission to add feature to site collection:
➥<sharepoint_site_collection>
This means that the RS integration feature was installed, but the feature might not
be activated for the <sharepoint_site_collection>, because the user who ran theMSI was not a site collection administrator To view the RS integration feature in thesite, you need the site collection administrator to activate the Report Server feature
1 Install Reporting Services
2 Install SharePoint technology
3 Configure Report Server for SharePoint mode
4 Install the RS add-in for SharePoint
5 Configure SharePoint to work with Report Server
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 14This page intentionally left blank
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 15SharePoint Mode Administration
IN THIS CHAPTER
Security Overview
User Authentication withSharePoint
Windows Integrated Security
Trusted Account with Windows
Installation and configuration of Reporting Services
inte-grated with SharePoint is more than half the challenge for
administration
Here is a basic checklist that you should have completed
during installation:
Install a SharePoint Web Front End (WFE) on the
Report Server machine
Install the Reporting Services add-in on the
SharePoint Server
Activate the Report Server feature in SharePoint
Central Administration
Create or point to a Report Server database in
SharePoint integrated mode via the Reporting ServicesConfiguration tool
Configure Report Server integration via SharePoint
Central Administration
If you did not complete any of those steps, refer for
instruc-tions to Chapter 32, “Installation of Reporting Services
Integrated with SharePoint.”
The other challenges for administration are security,
autho-rization, and programmability The rest of the chapter
covers these areas
Security Overview
For SharePoint integrated mode, the Report Server uses the
authentication and authorizations defined in the
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 16SharePoint web application to control access to report operations This makes
administra-tion much simpler and primarily driven by the SharePoint administrator
Reporting Services will process requests based on the SharePoint web application
authenti-cation settings, such as the following:
Windows with integrated security (Kerberos enabled)
Windows without impersonation
Forms authentication
Kerberos is better compared to NTLM when multiple hops are required So, it is good for
single-server or multiserver deployment scenarios and when external data sources are
involved that use Windows integrated credentials
Custom security extensions for Reporting Services are not supported with SharePoint
integrated mode All access to a Report Server in SharePoint Integrated mode originates
from the SharePoint web application Report Server just sticks to the SharePoint
authenti-cation scheme
Authorization to access Report Server items from SharePoint sites and libraries is mapped
to the built-in permission model for SharePoint This means that after SharePoint is
inte-grated with Reporting Services, the existing permission levels of SharePoint users (for
example, Read, Contribute, or Full Control) for the site will apply to report operations,
too This allows users to publish reports, view reports, create subscriptions, or manage
report items such as data sources
Reports (.rdl), report models (.smdl), and report data sources (.rds) are SharePoint
docu-ment library items One of the various menu actions available on these report items is
Manage Permissions This enables users to set individualized permissions on report items
and is described further in Chapter 36, “Managing Reports in SharePoint.”
User Authentication with SharePoint
Reporting Services process requests are based on the SharePoint web application
authenti-cation settings Two basic authentiauthenti-cation workflows are used between SharePoint and the
Report Server:
Windows integrated security
Trusted account
So how do you choose between Windows integrated or trusted account authentication?
Use the Windows Integrated option for Kerberos-enabled environments and in single-box
deployment scenarios Use Trusted Account mode for forms-based authentication,
Windows authentication when impersonation is not enabled, and other scenarios If you
are having trouble setting up Kerberos, consider using Trusted Account mode to at least set
up and verify that RS integration with SharePoint works After you have fixed your
Kerberos issues, you can choose to switch to using Windows integrated For help with
Kerberos, see the section on setting up Kerberos authentication
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 17Windows Integrated Security
An understanding of the various security connections that are involved in completing areporting request from a SharePoint site comes in handy when planning or troubleshoot-ing security for your deployment
Windows Integrated SecurityFigure 33.1 shows the authentication workflow for a SharePoint application that is config-ured to use Windows integrated security and is integrated with Reporting Services Thecomponents in the diagram should be familiar from the chapter on the architecture ofSharePoint integration with Reporting Services 33
To understand the various connections involved in the workflow, follow the numberedarrows in Figure 33.1:
1 Windows User1 makes a request to render a report from the Report Viewer web partvia SharePoint
2 The Reporting Services proxy connects to Report Server using the Windows User1credentials and token
3 If the connection is successful, Report Server needs to verify whether User1 haspermissions to access and render the report This is done by connecting to theSharePoint object model to verify the SharePoint permissions for User1 for the report
4 If access is allowed, the Report Server proceeds to render the report
5 Report Server will use the User1 credentials to retrieve and sync the latest copy ofthe report from the SharePoint Content DB and then execute the report
6 The report results are sent back to be displayed in the Report Viewer
RESPONSE
(User1)
HTTP Rsp
SharePoint WFE Report Server
(Service Acct = User2)
Report web part
Security Extension
SharePoint Object Model
SSRS Proxy
3
Report Server DB SharePoint Config/ContentDB
Data Management
Processing and Rendering
Demand Sync
On-FIGURE 33.1 Authentication workflow using Windows integrated security
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 18Trusted Account with Windows or Forms
Authentication
Figure 33.2 shows the authentication workflow for a SharePoint application that is
config-ured to use forms authorization or Windows without Kerberos It relies on a predefined
trusted account that has permission to impersonate a SharePoint user on the Report Server
To understand the various connections involved in the workflow, follow the numbered
arrows in Figure 33.2:
1 Windows User1 makes a request to render a report from the Report Viewer web part
via SharePoint
2 The SharePoint web application authenticates User1 against the SharePoint object
model and creates a SharePoint user token that contains the user identity and groupmembership for User1
3 The Reporting Services proxy connects to Report Server using User2, the trusted
Windows service account under which the SharePoint web farm is running, andsends along the User1 SharePoint user token
4 The Report Server validates whether the connection request is from a trusted
account by comparing User2 to account information that the Report Server retrievedfrom the SharePoint Configuration databases when the Report Server started
5 If the authentication is valid, the rendering request can proceed along with the
User1 SharePoint user token
6 Report Server needs to verify whether the User1 SharePoint token contains the user
identity and permissions needed to access and render the report
User1
(User1) HTTP Req
(User1) HTTP Req Token)
Render (User1 SP Token)
(User2)
(User1) HTTP SOAP
RESPONSE (User1)
User1 Sharepoint Token HTTP Rsp
SharePoint WFE Report Server
(Service Acct = User2)
Report web part
SharePoint Object Model
Security Mgmt
SharePoint Object Model
SSRS Proxy
Data Management
Processing and Rendering
Demand Sync
On-FIGURE 33.2 Authentication workflow using trusted account authorization
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 19under- Visitors: This group has the Read permission level Visitors can view reports and
create subscriptions
Members: This group has the Contribute permission level Members can create new
reports, models, report data sources, and other report items in SharePoint or publishthem from design tools to SharePoint
Owners: This group has Full Control Owners can create, manage, and secure all
report items and operations
Another way to look at it is to map traditional Reporting Services roles from native mode
to SharePoint groups:
Content Manager: This role has full permissions to all items and operations This
can be mapped to the Owners group in SharePoint
Publisher: This role allows adding and editing of reports, models, and data sources.
This can be mapped to the Members group
Browser: This role allows viewing reports and managing individual subscriptions.
This can be mapped to the Visitors group
Report Builder: This role allows viewing reports, managing individual
subscrip-tions, and opening and editing reports in Report Builder The Members and Ownersgroups provide these rights, but they provide other privileges, too If you don’t wantyour Report Builder users to have those privileges, you can create a custom group inSharePoint and assign limited permissions
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 20System User, System Administrator, My Reports: These roles don’t have an
equivalent mapping because they are not relevant in SharePoint mode
Table 33.1 is a reference list of SharePoint permissions, regardless of whether they are
included in default SharePoint groups, and the Report Server operations that get enabled
with the permission
TABLE 33.1 SharePoint Permissions
data sources, and external imagefiles to SharePoint librariesCreate shared data sourcesGenerate report models fromshared data sources
Start Report Builder and create anew report or load a model intoReport Builder
Edit Items X X Edit or replace report, model, data
source, and dependent reportitems
Create report history snapshots orview past versions of reporthistory snapshots
Set report processing options andparameters
Open model or model-based report
in Report Builder and savechanges
Assign clickthrough reports to ties in a model
enti-Customize Report Viewer web partfor specific report
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 21Programmability
ProgrammabilitySimple Object Access Protocol (SOAP) endpoints are available to enable developers todirectly program against Report Server:
ReportService2006.asmx: Enables developers to programmatically manageobjects on a Report Server that is configured for SharePoint integrated mode
ReportExecution2005.asmx: Enables developers to programmatically executereport objects on a Report Server in either native or SharePoint mode
ReportServiceAuthentication.asmx: Provides classes for authenticating usersagainst a Report Server when the SharePoint web application is configured for formsauthentication
These web services are used by the official Reporting Services tools, too
The Reporting Services 2008 Windows Management Instrumentation (WMI) provider hasbeen updated to work in SharePoint integrated mode, and you can use it to configure andmanage Report Server programmatically
TABLE 33.1 Continued
SharePointPermission
DeleteItems
shared data sources from libraryView
Items
OpenItems
X X X View a list of shared data sources
View clickthrough reports that use
a report modelDownload a copy of the source filefor report definition or reportmodel
ViewVersions
X X X View past versions of a document
or report snapshotsDelete
Versions
docu-ment and report snapshotsManage
Trang 22Configuration Code Sample
Chapter 32 described the steps that can be carried out via the SharePoint Central
Administration to configure Report Server integration Here is a sample of the three steps
for configuration done via code
public static extern NET_API_STATUS NetLocalGroupAddMembers(
string serverName,string groupName,int level,LOCALGROUP_MEMBERS_INFO_3[] buf,int totalEntries);
[StructLayout(LayoutKind.Sequential)]
public struct LOCALGROUP_MEMBERS_INFO_3
{[MarshalAs(UnmanagedType.LPWStr)]
public string strRSServiceAccount;
}public enum NET_API_STATUS
{NERR_Success = 0,ERROR_MEMBER_IN_ALIAS = 1378,}
static void Main(string[] args)
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 23Configuration Code Sample
{try{// 1 Manage Integration settings// Setting the URL and Authentication TypeSPRSServiceConfiguration rsConfig =SPFarm.Local.Services.GetValue<SPRSServiceConfiguration>
SPWebServiceCollection svcColl = new SPWebServiceCollection(SPFarm.Local);
foreach (SPWebService svc in svcColl){
foreach (SPWebApplication app in svc.WebApplications){
app.GrantAccessToProcessIdentity(strRSServiceAccount);
}}// b) Add RS Service Account to “WSS_WPG” Windows groupLOCALGROUP_MEMBERS_INFO_3[] LgMIArr = new LOCALGROUP_MEMBERS_INFO_3[1];
LgMIArr[0].strRSServiceAccount = strRSServiceAccount;
NetLocalGroupAddMembers(““, “WSS_WPG”, 3, LgMIArr, LgMIArr.Length);
// 3 Set Report Server defaultsReportingService2006 RSService = new ReportingService2006();
Console.WriteLine(exp.ToString());
}
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 24Setting Up Kerberos Authentication
Kerberos is an authentication protocol that provides mutual authentication between
clients and servers and between servers and other servers It is considered more secure,
flexible, and efficient than NTLM
You must have already enabled Kerberos on your SharePoint farm or single-server
installa-tion
Here are the steps to enable SSRS for Kerberos authentication:
1 Create a service principal name (SPN):
setspn.exe –A HTTP/SSRS_Server domain\RS_Service_Login
For more information about registering SPNs for RS, see http://msdn.microsoft.com/
en-us/library/cc281382.aspx
2 Enable Trust for Delegation
3 Open Active Directory (AD) as a user with domain administration rights For SPNs,
find the account and computers, click Properties, and choose Trust ThisUser/Computer for Delegation to Any Service (Kerberos) from the Delegation tab
4 In the RSreportServer.configfile, set up authentication to be Negotiate:
5 Try to connect to Report Server from the client machine If you have problems
con-necting, enable Kerberos logging to see what is going on with the client machine Toenable Kerberos logging, refer to http://support.microsoft.com/kb/262177
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 25Summary
SummaryAdministration focuses primarily on installation and configuration of the integrationbetween Reporting Services and SharePoint After the system has been set up, authentica-tion and authorization are the key ongoing administration tasks Reporting Services inSharePoint integrated mode maps to SharePoint authentication providers and permissionsmodels authentication between SharePoint and Report Server is carried out via Windowsintegrated security or via a trusted Windows account (depending on how SharePoint isset up) Standard SharePoint groups such as Owners, Members, and Visitors providesupport for some of the default roles for Reporting Services Individual SharePoint permis-sions can be mapped to users or custom SharePoint groups for finer-grain control onreport operations
For developers, Reporting Services provides a couple of SharePoint-specific web services forSharePoint forms-based authentication and for managing Report Server objects in
SharePoint mode The web service for executing reports is the same for Report Server innative mode and SharePoint integrated mode
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.