Solved

Build a User Access Table to Determine Access In SSRS Report

Posted on 2013-01-17
Last Modified: 2013-02-04
Hi Experts

Technologies: SQL Server 2008 R2 and SSRS Reports rendered using Report Manager

My current client is in the health industry.

We are building a drill-through report that contains sensitive patient data. Therefore we need to control access; the deeper you drill through the 3 levels, the more restrictive it becomes.

Considering there are hundreds of potential users across the county, this will add a huge administrative overhead.

To help share the load, the idea is to build a table that we can populate with every employee and determine their level of access. We can then build a simple front-end so that multiple managers can edit access levels for their respective teams.

Assumptions
We can access all employee data quickly.
Getting the table to interface with SSRS to help determine access levels is the crucial part right now. We can worry about the front-end later.

Questions
Any advice on how best to implement the above solution?
What are the potential challenges and stumbling blocks?
If you had the above challenge, what would you do to solve the problem?

Thanks!
Question by:JohnAeris
7 Comments
 
LVL 4

Accepted Solution

by:
mcmahon_s earned 2000 total points
ID: 38787043
I have done exactly this same thing in the past. I used the current report user's name as the key to the user access table, e.g. DOMAINNAME\UserId. This can easily be accessed via a default value for a hidden parameter using the built-in field User!UserId and then included in your queries in the WHERE statement.

So the user access table would have the userid and department for example.
DOMAIN\Bob,   Admin
DOMAIN\Bob,   Finance
DOMAIN\Bill,    Admin
DOMAIN\Mary,  Admin

And a query would be something like

SELECT T.data FROM table T
  INNER JOIN UserAccess U ON T.Department = U.Department
WHERE U.UserId=@UserName

Obviously if the department field is not in the table you are looking at you need to find a way to join it to the useraccess table.
0
 

Author Comment

by:JohnAeris
ID: 38800588
Thanks mcmahon_s!

I'm in the process of building the table. Turns out there are over 10,000 users! Will update once I've made progress.
0
 

Author Comment

by:JohnAeris
ID: 38805410
mcmahon_s, where would you put the query you wrote above? How would this stop access to a report?
0
 
LVL 4

Expert Comment

by:mcmahon_s
ID: 38805683
It doesn't stop access to the report itself, it filters the rows they are able to see on the report. Based on your description above it would only allow them to see the patients they have permission for.
0
 

Author Comment

by:JohnAeris
ID: 38806074
That's the plan! Users will be checked against the team information that they can access; if they have permission they can view the rows of data.

So, where do I put the query? Does it live in the dataset?
0
 
LVL 4

Expert Comment

by:mcmahon_s
ID: 38809403
Yes, you need to join the user table to your main query and add the where condition in the dataset for each report.
0
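The pattern from the accepted answer and from the reply above about joining the user table in each report's dataset, as an added example that is not code from the original posts (T-SQL for SQL Server 2008 R2). The MaxLevel column, the PatientVisit table and the @ReportLevel parameter are assumptions introduced here to model the three drill-through levels in the question. In the report, bind the dataset's @UserName query parameter directly to the expression =User!UserID (or mark the report parameter Internal), because a parameter that is only Hidden can still be supplied on the report URL.

```sql
-- Added example. UserAccess, UserId and Department follow the thread;
-- MaxLevel, PatientVisit and @ReportLevel are hypothetical names.
CREATE TABLE dbo.UserAccess (
    UserId      nvarchar(128) NOT NULL,  -- DOMAIN\login, same form as User!UserID
    Department  nvarchar(50)  NOT NULL,
    MaxLevel    tinyint       NOT NULL   -- deepest drill-through level allowed (1-3)
        CHECK (MaxLevel BETWEEN 1 AND 3),
    CONSTRAINT PK_UserAccess PRIMARY KEY (UserId, Department)
);

CREATE TABLE dbo.PatientVisit (          -- stand-in for the report's source table
    VisitId     int           NOT NULL PRIMARY KEY,
    Department  nvarchar(50)  NOT NULL,
    PatientName nvarchar(100) NOT NULL
);

-- Constructed sample rows, reusing the users from the accepted answer.
INSERT INTO dbo.UserAccess (UserId, Department, MaxLevel) VALUES
    (N'DOMAIN\Bob',  N'Admin',   3),
    (N'DOMAIN\Bob',  N'Finance', 1),
    (N'DOMAIN\Bill', N'Admin',   2),
    (N'DOMAIN\Mary', N'Admin',   1);

INSERT INTO dbo.PatientVisit (VisitId, Department, PatientName) VALUES
    (1, N'Admin',   N'Patient A'),
    (2, N'Finance', N'Patient B');

-- Dataset query for one drill-through level. In the report these two
-- values are dataset query parameters; they are declared here only so
-- the query can be tried in a query window.
DECLARE @UserName    nvarchar(128) = N'DOMAIN\Bob';
DECLARE @ReportLevel tinyint       = 3;   -- fixed per report: 1, 2 or 3

SELECT V.VisitId, V.Department, V.PatientName
FROM dbo.PatientVisit AS V
INNER JOIN dbo.UserAccess AS U
        ON U.Department = V.Department
WHERE U.UserId   = @UserName       -- rows only for departments the user is mapped to
  AND U.MaxLevel >= @ReportLevel;  -- and only if the user may drill this deep
```

Each deeper report uses the same join with a higher fixed @ReportLevel, so a user with no matching UserAccess row at that level gets an empty result rather than an error.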
 

Author Closing Comment

by:JohnAeris
ID: 38851387
mcmahon_s: you're a star!

All sorted and working. Thanks!
0

Question has a verified solution.
