Solved

Configuring the database settings on Crystal Server 2011 when credentials use network authentication

Posted on 2013-06-27
6
2,056 Views
Last Modified: 2013-11-15
Internal Audit is requiring all sql server connectivity use network authentication (mixed mode).  How do I configure default database settings for a report in Crystal Server 2011 using network authentication?  Obviously runs fine on my local machine, I simply cannot locate any documentation on configuring on Crystal Server. (well until I submit and then I am sure I will find it all over the place!)
0
Comment
Question by:palmgrl
  • 2
  • 2
6 Comments
 
LVL 26

Accepted Solution

by:
Kurt Reinhardt earned 500 total points
ID: 39293681
This is really weird - I wrote up a big reply to this several days ago, but it's missing :(

Are you saying that each user within the BI Launchpad must use their own network credentials for running reports? If so, you have a few options.

In the Central Management  Console (CMC), you can edit the database configuration for each report (actually, if you use the objects screen, you can select all reports on a page and modify them at the same time).  Under the "When viewing and scheduling report" property, you can choose:

1) Prompt the user for database logon (viewing only) - this will force each user to use his/her own credentials when running a report on demand.  It does not work for scheduled reports.

2)  Use SSO context for database logon (viewing only) - this uses end-to-end Single Sign On, which use be configured using Windows AD authentication. When configured properly, the end user will never be prompted to logon to the BI Launchpad or when viewing a report on demand.  It does not work for scheduled reports.

3)  Use user database credentials for database logon - this requires you to set credentials in each user's properties, which assumes the user has access to only one database or that all databases uses the same credentials. It also requires maintenance, should the password change.

Why do options 1 and 2 only work for viewing on demand?  Because one user's permissions may not be appropriate or sufficient for another's data requirements.  If I schedule a report to run weekly under my credentials then any other user who has permissions to view the historic instances generated by my schedule can see what I have rights to generate.  When scheduling recurring reports, best practices are to use a database service account with non-expiring credentials and the option "Use same database logon as when report is run".

Another choice is to base reports on a semantic layer data source, either a Business View or a Universe. Doing so will allow you to limit data based on Enterprise group membership, effectively doing the same thing as individual database permissions handling.  While Business Views are better for Crystal Reports, in general, they're also old technology and will eventually be deprecated in favor of Universes.  In this release, Business Views are really only supported for the sake of legacy reports.

Attached is a publicly available file for configuring SSO with Windows AD/Kerberos. Please note, this is something I normally do when I install/configure servers for clients and it will involve a network administrator performing actions on a domain controller.
Configuring-Active-Directory-Man.pdf
0
 

Author Comment

by:palmgrl
ID: 39293799
This is specifically to schedule reports to be emailed and not viewed through BI Launchpad or a Universe. If I am understanding you correctly, we indeed need a database service account to run scheduled reports?
0
 
LVL 26

Assisted Solution

by:Kurt Reinhardt
Kurt Reinhardt earned 500 total points
ID: 39293818
What are you using to run reports today?  Network authentication means the credentials need to belong to a windows account.  If this is for scheduling, then you'll need to ensure you're running Crystal Server 2011 under a Windows AD service account (instructions are in the document attached above).  You'll also need to login to the Server under that specific account in order to configure ODBC settings (assuming you use ODBC) in the 32-bit ODBC Administrator to use Windows authentication.  Lastly, you would set the credentials for each report to use the specific Windows account.
0
 

Author Comment

by:palmgrl
ID: 39293881
OK- I think I have it now- sorry- i failed to look close enough at the attachment you provided!  I will get with my domain admin and we will see what we can do!

Thank you so much!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Hi, In my previous Article  (http://www.experts-exchange.com/Database/Reporting/A_15199-Introduction-to-Microstrategy.html)I discussed some basic understanding of Microstrategy that how we can get in Intro of Microstrategy (MSTR). Now it's tim…
Messaging apps are amazing tools with the power to do a lot of good, but the truth is the process of collaborating with coworkers requires relationships established through meaningful communication - the kind of communication that only happens face-…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now