index > Team Foundation Server - Reporting > How to prevent users from viewing other projects when creating qu...

How to prevent users from viewing other projects when creating qu...
We have 3 projects on TFS, Project A, B, and C for example. Members of Project A should not be able to see anything about B or C, not even the names of the projects.

I've figured out how to prevent showing "project information" from TFS. However the other projects still show up in reporting services. I went to Reporting Services configuration and could not figure out how to add a Deny View permission.

Is there any way to do this?
Darrell Norton

Unfortunately I do not know of a way to restrict query permissions based on a users project membership. The, for example, work items for all projects are stored in a single table - if a user has read access to it they can query any other project's work items.

You can set the individual access permissions for Reports, Folders, and/or Data Sources.
From Report Server -> http://localhost/Reports
Select the Properties "tab" then Security from the menu on the left.

Nick Ericson - MSFT

Hi Darrell,

As you've figured out, the permissions in TFS Projects dont translate into permissions for looking at information in the warehouse. You would have to configure permissions directly on the different components.

There are a few levels of security here:
Reporting Services
Analysis Services
SQL Server

They interact as following:
1. User clicks on report
2 . The report uses the TFSReport user credentials to fetch data from the Analysis Services (all in-box reports except Load Test Summary) or SQL Server
-- The TFSReport user has read permission on everything in the TFSWarehouse sql database and the Team System cube in Analysis Services. You can see this in the Roles node underneath the databases in SQL Management Studio.

TFS:
There is msdn info on TFS Permissions here:
http://msdn2.microsoft.com/en-us/library/ms253094.aspx
I'm seeing that we're missing details on how to configure the warehouse for the scenario you're talking about.


Reporting Services:
As long as someone has access to the Report Server, they can use the the data sources TFSReportDS and TFSOlapReportDS to access all information in the cube - this is because they connect to SQL and Analysis Services with the TFSReport account. You can configure different data sources for different projects and have each data source have specific permissions on AS and SQL.

Analysis Services:
I think you may be able to restrict information at the cell level in Analysis Services. This is AS BOL on Security:
http://msdn2.microsoft.com/en-us/library/ms174517.aspx

You can contact the SQL Analysis Services team at this forum for more detailed questions: http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=83&SiteID=1

SQL Server:
I'm not sure about SQL - you can post the question on their forum:
http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=93&SiteID=1

SQL also has a security forum:
http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=92&SiteID=1

Please let me know if you need help figuring this out, and we can figure it out together.

Mauli

Mauli Shah - MSFT
I don't know if it was one of the links above, but I found another post on these forums that says it is not a feature that is available in v1.

Bummer.

What we've decided to do is name our projects with codenames so that the subcontractors in our TFS at least can't guess what the project is by its name.
Darrell Norton

Hi Darrell,

Sounds like you have found a good workaround. This is an issue that we will look at for future versions. I'd appreciate it if you could tell me more about your requirements when you get a chance: mauli.shah@microsoft.com(donotspam)mauli

Mauli Shah - MSFT
reply 5

You can use google to search for other answers

 

More Articles

Print reports without preview
Daily wise resource allocation in MS Project
problems passing parameters to subreport
custom views in TFSWarehouse
Can't find links between Work item and test in the TfsWarehouse
TFS and Reporting Services - Domain vs. Local Users
Adding Data Region to existing items
How do I 'hide' a deleted item so it doesnt get counted in TFS me...
Reports against Version Control
Passing new parameters to Microsoft VB.Net Report(.rdlc)
Welcome to Bokebb   New Update   Joins the collection  
 

New Articles

Nothing happens when pressing the Report…
TfsWarehouse Database not updated with a…
cube versus warehouse
Error exporting reports from Reporting S…
Reports for all current active projects
Report server error
Hoe to create an hyperlink column
How do i edit or delete reports?
How to create report on custom defined p…
Error Executing reports
Setting for URL in Reporting services
Render and Create PDF File directly from…
Create Report Problems
Adding Data Region to existing items
TFS Report Error

Hot Articles

Quality Indicators Report
Scenarios With No Tasks
Reporting Services Hidden Lines
Passing new parameters to Microsoft VB.N…
Issues List is not working
Recreate Reports
Datawarehouse, how can I do?
How to create report on custom defined p…
date current state was set
code churn - ignore binary files?
Creating an OLTP datasource for writing …
How to recreate the TFSWarehouse Databas…
Report server error
Edit reports from Agile process template?
Another TFS Warehouse problem...

Recommend Articles

How to force Repository Refresh?
URL for the 50 standard TFS reports
Passing new parameters to Microsoft VB.N…
How to update 2005 report definitions to…
Bug Rates Report - Getting very weird re…
custom views in TFSWarehouse
Checkin Policy Override Report
Problem accessing TFSwarehouse using OLA…
ReportServer asking for username and pas…
TFS and Reporting Services - Domain vs. …
Can't find "Comments" of my ma…
Date validation
How do I create a new QA Report in Team …
An attempt has been made to use a data e…
urgent: Connection Problems
index |  sitemap         Powered by xichy{at}163.com