Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
anupagrawal77
Regular Visitor

Custom Authorization in Power Bi Report Server

‎08-09-2018 10:52 PM

I need to implement custom security in reporting services. I have followed the standard example here:

https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample



I got authentication to work without too many problems, and it authenticates by querying my custom table. I want to also maintain my authorizations in the same manner. I want to be able to define in my own tables that user test1 has permission to view reports 1, 3, 5, and 8. User test2 can view reports 1,3,5,8, and 9. User test3 can view 1, 2, and 4. Etc.

The authorization extension, contained in my version of Authorization.cs is where I expected to be able to do this. I wanted to be able to write code that queries my own tables and says, "does this user have permission to view this item?" Getting the this user portion is easy as is obvious in the many checkAccess methods. But being able to tell what item I am currently dealing with has proved impossible from the context of Authorization.cs, which implements IAuthorizationExtension. Knowing what type of item I am dealing with is obvious, but I need to know something that uniquely identifies the exact item I am dealing with.

How can I determine in checkAccess or any of the other available methods what "thing" they are looking at? What can I examine to determine that for instance this particular authorization request is against "Report 1"? It seems that if I was allowed to completely override Authentication to use my tables, I should be able to override Authorization to do the same. Is this possible or am I missing something?

Labels:
Message 1 of 2
1,404 Views
0
1 REPLY 1
Anonymous
Not applicable

‎12-06-2018 01:09 PM

I have the same issue.  I am trying to get the name of the item from the CheckAccess methods and then use authorization data not stored in in report server database to authorize the request. 

 

Based on this post, it looks like this is no longer possible.  

https://social.technet.microsoft.com/Forums/en-US/f474ba23-7e8d-4c6b-ad41-b2327956226b/sql-2016-repo...

 

Has anyone found a way to get the name of a resource from AceCollection passed to the CheckAccess methods?

Message 2 of 2
1,309 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All