Reporting Services doesn't create its own user account

Reporting Services doesn't create its own user account for system security and instead references existing local or domain accounts and groups defined in the server operating system. Also, members of the local administrators group can always access a Report Server to change site settings no matter what role assignments are set. To ensure that a local administrator does not have rights to highly secure reports, you must secure the reports at the data-access level, requiring users to provide credentials to view the report.

Best Practices for Protecting Against an Attack

Running a report under an account that has very secure permissions exposes your SQL Server to a security threat if the report query contains malicious Transact-SQL statements (for example, statements that create unauthorized logons, modify or delete data, or introduce erroneous data), and the report is run by a user who has very secure permissions on the server that hosts the data source. For example, if an attacker publishes a report that contains a malicious query, the query will be processed under administrator credentials if either of these conditions is present:

Figure 13-7: System Administrator role task-level permissions as seen on the Edit System Role page in Report Manager.

Chapter 13: Securing Report Server
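One way to check the exposure described above, as an added example that is not from the original text: the Transact-SQL below lists the fixed server roles, server-level permissions and database roles held by the login a report data source connects as. The login name is a constructed placeholder, and the lists of roles and permissions checked are an assumption about what counts as too much privilege for a reporting account.

```sql
-- Added example: audit the login that a report data source connects as.
-- The login name below is a constructed placeholder; substitute your own.
DECLARE @report_login sysname = N'CONTOSO\svc_report_reader';

-- 1. Fixed server roles that would let a malicious report query create
--    logons or change data anywhere on the instance.
--    is_member: 1 = member, 0 = not a member, NULL = login or role not found.
SELECT r.role_name,
       IS_SRVROLEMEMBER(r.role_name, @report_login) AS is_member
FROM (VALUES (N'sysadmin'), (N'securityadmin'), (N'serveradmin')) AS r(role_name);

-- 2. High-impact server-level permissions granted directly to the login.
SELECT pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = @report_login
  AND pe.permission_name IN (N'CONTROL SERVER', N'ALTER ANY LOGIN', N'ALTER ANY DATABASE');

-- 3. Database roles held in the current database.
--    Run this in each database the report reads from.
SELECT rp.name AS database_role
FROM sys.database_principals AS up
JOIN sys.database_role_members AS rm
  ON rm.member_principal_id = up.principal_id
JOIN sys.database_principals AS rp
  ON rp.principal_id = rm.role_principal_id
WHERE up.sid = SUSER_SID(@report_login);
```

A value of 1 in the first result, any row in the second, or a role such as db_owner or db_datawriter in the third means a query embedded in a report can do more than read data. Queries 2 and 3 look only at the login itself, so rights inherited through Windows group membership need a separate check on each group.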
