none
One doubt about Reports and Business Inteligence: RRS feed

  • Question

  • Hi all,

    A few months ago, I set up a Project Server, and now I have a question about reporting and business intel.

    I configured everything as this how-to postulates: http://technet.microsoft.com/en-us/library/ee662106.aspx

    In summary, I have a user goup "report authors" with read permissions to the report DB. I have also a "Report viewers" group that is set as member in the secure storage application preferences.

    And people in authors group get an access/permissions error when accesing to reports, and viewers have no problem.

    Thinking about how all this reports configuration is configured ( viewers member is secure storage app -> secure storage app is running under secure storage AD user account -> Secure storage account is member of authors group -> authors group have read permission for Reports DB), maybe something is missing in that how to... If I add Authors group to  secure storage app members, they get access, but that's not what that how to postulates...

    The final scenario I want to get is that the Authors can view, create and edit reports, and viewers just view reports.

    Any idea of what I'm missing? Thx a lot!

    Friday, October 7, 2011 10:34 AM

Answers

All replies

  • Hi there,

    Report authors that also need to view reports in the web will also need to be a member of the Report Viewers AD group.

    I wrote a blog post on the authentication that might be helpful to you:

    http://pwmather.wordpress.com/2011/07/25/projectserver-2010-excel-excel-services-report-authentication-ps2010-epm-sharepoint-sp2010/

    Thanks

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com
    Friday, October 7, 2011 11:04 AM
    Moderator
  • Thank you very much.

    But... How is controlled who can create and who only can view the reports? Using groups like "Group member" or "Project Manager"?

    Remember, I want that Report viewers only can view the reports, and the Report Authors should be able to create them too.

     

    Thanks!

    Tuesday, October 11, 2011 6:59 AM
  • Hi Daniel,

    It is permissioned via the AD security groups, please see the example below:

    PM1 (should be able to create reports and view reports)

    TM1 (should only be able to viewreports)

    To achieve this add PM1 to both the Report Authors AD group and the Report Viewers AD group, only add TM1 to the Report Viewers add group.

    Also make sure that the Project Server security group that PM1 is in has "View OLAP data" allowed so that they can access to OLAP cube to create reports.

    Hope that helps

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com
    Tuesday, October 11, 2011 7:35 AM
    Moderator
  • Thanks you a lot, PWMather. I really apreciate your advises and your deeply knowledge of Project Server.

    Just one more question: What if TM1 is in Report Viewers AD Group, but also in "Project Managers" Project Server security group, wich has the "View OLAP Data" option active?

    I could try, but I prefer to know how things works instead of trying randomly ;)

    Thanks again.


    PS: I know how to check the "View OLAP Data" option, but I cannot find the ProjectServerViewOlapDataRole in SQL management. Where is located? I tryed in general SQL server and Project_reporting DB roles, but isn't in there.
    Tuesday, October 11, 2011 8:11 AM
  • In the scenario above with TM1, TM1 would also be able to create Excel reports against the cube but not the Reporting database.

    To check the ProjectServerViewOlapDataRole, open SQL Management Studio and connect to Analysis Services (not the database engine), expand databases then expand the cube database, you will see Roles, expand Roles and you will find the ProjectServerViewOlapDataRole there :)

    Thanks

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com
    Tuesday, October 11, 2011 8:21 AM
    Moderator