Thursday, March 29, 2012

DBA Dilemma

We have a little dilemma with our DBA staff regarding reporting services and
using a general account, we call RSAdmin, for executing stored procs in the
background and bringing back the results via Reporting Services.
Our DBA is suggesting that we stay away from a general account like this
because of the implicit security that is associated with it. Our argument to
them is that if we start granting by individual, then that will make their
job even that much more complex and the maintenance on that is a nightmare
with people moving and quitting, etc..
Has anyone experience issues like this and how did you go about resolving
them.
Any answer is GREATLY appreciated and Thanks in advance.
wnfisbaI do not ever use the account of the person running the report. I have a
generic account say Reports (I run in mixed mode). This account is only used
for reports and is readonly. When I have a stored procedure it gives this
account execute permissions. This is very clean and is definitely not a
security hole. What user sees what is controled by who is given rights to
what report. So I control that at the Report Server.
Another advantage of this is that this allows connection pooling. Connection
pooling requires the connection to be exactly the same. If the connection is
for a different user then there will be a new connection created (or perhaps
multiple connections) per user running a report. Connection pooling both
puts less strain on the database server and it improves your performance.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"wnfisba" <wnfisba@.discussions.microsoft.com> wrote in message
news:C576900D-1F8B-4DA6-B3EE-7F1642B034B4@.microsoft.com...
> We have a little dilemma with our DBA staff regarding reporting services
> and
> using a general account, we call RSAdmin, for executing stored procs in
> the
> background and bringing back the results via Reporting Services.
> Our DBA is suggesting that we stay away from a general account like this
> because of the implicit security that is associated with it. Our argument
> to
> them is that if we start granting by individual, then that will make their
> job even that much more complex and the maintenance on that is a nightmare
> with people moving and quitting, etc..
> Has anyone experience issues like this and how did you go about resolving
> them.
> Any answer is GREATLY appreciated and Thanks in advance.
> wnfisba

No comments:

Post a Comment