Wednesday, April 11, 2012 2:07 PM
We want to start using windows accounts for sql server. The account MyDomain\ReportingServicesUser has (at least) read access to databases to be used for reports. My understanding is that the reporting services windows service is what connects to the databases for the report data.
My first question is: Should the windows service run under the MyDomain\ReportingServicesUser account?
My second question is: If so, what group memberships and/or rights should the MyDomain\ReportingServicesUser account have?
Friday, April 13, 2012 5:48 AM
Please provide the version of Reporting Services. For SQL Server 2012, see http://msdn.microsoft.com/en-us/library/ms143504.aspx, this has details about all the SQL Server components, and the recommended service accounts with permissions.
Check the other versions of this topic for detailed explanation about the permissions that are set at the database level, and filesystem.
Hope this helps..
Any documentation bug? Tell us about it at Connect. Please feel free to add any community comments in any of the MSDN/technet articles.
This posting is provided "AS IS" with no warranties, and confers no rights.
Friday, April 13, 2012 11:18 AMModerator
In Reporting Services, the Report Server Windows Service is the central service which hosts the Report Server Web service, Report Manager, and background processing application.
Question 1: If you are deploying Reporting Services on a production server, it is recommended that you configure the service to run under a domain user account so that you can avoid widespread damage if a shared account is compromised by a malicious user. It also makes it easier to audit the logon activity for this account. If the Reporting Services in a network that uses Kerberos authentication, you must register the service with the Windows domain user account. For more information, see
- Configuring the Report Server Service Account
- Register a Service Principal Name (SPN) for a Report Server
When defining a report server database connection, if the report server and the report server database are installed on the same computer, you can use a local account. Otherwise, you must use the domain account. You can use the service account and Integrated Security. For more information, please refer to Configuring a Report Server Database Connection.
To view and reconfigure service account information and report server database connection, please always use the Reporting Services Configuration tool. When switching the account type, you will be prompted to create a backup copy of the encryption key. The backup copy will be restored automatically when you select the new account.
Question 2: In the local system, the Windows domain user can be a member of the Administrators group. In the Database-Level, you can grant the fixed database-level roles to the domain user account based on your requirement. For the details information about all the Database-level roles, please see Database-Level Roles.
If you have any questions, please feel free to let me know.
- Marked As Answer by Bill Swartz Friday, April 13, 2012 8:51 PM