Report Writing Access

Kjersten Schladetzky $organization over 16 years ago

We have a power user in a department outside of IT looking for the ability to write reports and publish them to our Tessitura test environment. Has anybody done this and, if so, what tools (Infomaker, Crystal, SSRS, etc...) are they using? On the SQL side have you had to give them SA access? What pitfalls have you run into?

Thanks for any advice you can give!

Parents

Jon Ballinger $organization over 16 years ago

Hello,

When we started using sql server reporting services, I played around with the report builder tool. This tool allows users to create there own reports based off of pre existing data sets.

Jon
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
Chuck Reif $organization over 16 years ago in reply to Jon Ballinger

I would just like to point out that there's really no reason for any user to have SA access to the database. You can create as many logins as necessary with all the proper permissions without going as far as giving SA rights. I would highly recommend that approach.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Reply

Chuck Reif $organization over 16 years ago in reply to Jon Ballinger

I would just like to point out that there's really no reason for any user to have SA access to the database. You can create as many logins as necessary with all the proper permissions without going as far as giving SA rights. I would highly recommend that approach.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Children

Revanth Anne $organization over 16 years ago in reply to Chuck Reif

Hi Chuck,

I have a concern regarding this, I have tried creating different SQL Logins with different permissions .However if the same person also wants access to security, I guess I need to give him SA password anyway.

Thank you,

Revanth Kumar Anne.

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Chuck Reif
Sent: Monday, December 21, 2009 6:19 PM
To: Revanth Anne
Subject: Re: [Tessitura Technical Forum] Report Writing Access

I would just like to point out that there's really no reason for any user to have SA access to the database. You can create as many logins as necessary with all the proper permissions without going as far as giving SA rights. I would highly recommend that approach.

From: Jon Ballinger <bounce-jonballinger5072@tessituranetwork.com>
Sent: 12/21/2009 3:22:13 PM

Hello,

When we started using sql server reporting services, I played around with the report builder tool. This tool allows users to create there own reports based off of pre existing data sets.

Jon

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
Chuck Reif $organization over 16 years ago in reply to Revanth Anne

Take a look at the Security Administration document. In section 1.A. there are directions for creating a SQL Server login that can access security but can not do any of the truly damaging things that a user with full SA rights can do, like completely dropping your database. I would urge everyone to think very carefully about granting SA access to your database server. Even actual administrators should only login with SA rights in case where it is really needed. For daily work they should be using a different login which limits their ability to do damaging things. It's even worse if you are actually giving the true SA password to multiple people. If you do that and something bad happens, then there would be no way to figure out who actually caused the problem. Always remember the security principle of Least Privilege. Further, the Tessitura PCI overview has specific instructions to disable the generic SA account in SQL Server as this generic account is one of the primary security vulnerabilities.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
Revanth Anne $organization over 16 years ago in reply to Chuck Reif

Thank you very much.I will go through the documentation.

Revanth Kumar Anne.

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Chuck Reif
Sent: Monday, December 21, 2009 7:14 PM
To: Revanth Anne
Subject: Re: [Tessitura Technical Forum] RE: Report Writing Access

Take a look at the Security Administration document. In section 1.A. there are directions for creating a SQL Server login that can access security but can not do any of the truly damaging things that a user with full SA rights can do, like completely dropping your database. I would urge everyone to think very carefully about granting SA access to your database server. Even actual administrators should only login with SA rights in case where it is really needed. For daily work they should be using a different login which limits their ability to do damaging things. It's even worse if you are actually giving the true SA password to multiple people. If you do that and something bad happens, then there would be no way to figure out who actually caused the problem. Always remember the security principle of Least Privilege. Further, the Tessitura PCI overview has specific instructions to disable the generic SA account in SQL Server as this generic account is one of the primary security vulnerabilities.

From: Revanth Anne <bounce-revanthanne9441@tessituranetwork.com>
Sent: 12/21/2009 5:27:33 PM

Hi Chuck,

I have a concern regarding this, I have tried creating different SQL Logins with different permissions .However if the same person also wants access to security, I guess I need to give him SA password anyway.

Thank you,

Revanth Kumar Anne.

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Chuck Reif
Sent: Monday, December 21, 2009 6:19 PM
To: Revanth Anne
Subject: Re: [Tessitura Technical Forum] Report Writing Access

I would just like to point out that there's really no reason for any user to have SA access to the database. You can create as many logins as necessary with all the proper permissions without going as far as giving SA rights. I would highly recommend that approach.

From: Jon Ballinger <bounce-jonballinger5072@tessituranetwork.com>
Sent: 12/21/2009 3:22:13 PM

Hello,

When we started using sql server reporting services, I played around with the report builder tool. This tool allows users to create there own reports based off of pre existing data sets.

Jon

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel