report Model security issue

Question

Hi,

I am trying to use a very easy and simple feature of a reportmodel, model item security.

In my example i have two users; HGH\John and HGH\JKooi

I want to test if I am able to restrict access in the model to a whole entity. HGH\JKooi shouldn't be able to see the entity 'Customers'.

These are the steps I executed:

1. In Sqlserver management studio I opened the properties of my model and navigated to the tabpage 'model item security'.

2. I activated the option 'secure individual model items...'

3. In the root of the model I declared two users(groups) as specified above

4. Automatically all nodes inherit these settings from the root.

5. For the entity 'Relations' I change the default, by selecting 'use these roles for each group or user account'

6. I removed HGH\JKooi from this list, leaving only 'HGH\John as model item browser

What I expected at this moment is that when I login the system as HGH\JKooi, then I won't see this entity, but I still can! Does anybody know a solution to this problem?

---

Thanks, Jed deng

Answer 1

Hi Jeddd,

When applying model item security, you must create at least one role assignment on the root node. This initial role assignment on the root node becomes the new source of inherited permissions. The role assignment on the root node is automatically inherited by all items in the model hierarchy. For more detail information about Model Item Security, please see:
http://msdn.microsoft.com/en-us/library/ms187575(v=sql.100).aspx

Besides, here has a link about how to secure items in a report model step by step, please see:
http://msdn.microsoft.com/en-us/library/ms156505(v=sql.105).aspx

Hope this helps.

Regards,
Charlie Liao

Answer 2

I have already gave these two users to root

3. In the root of the model I declared two users(groups) as specified above

---

Thanks, Jed deng

Answer 3

Hi Charlie,

Could you please follow top steps to reproduce this issue? Does it work well in your side?

---

Thanks, Jed deng