Client

The client was founded 65 years ago and is one of the largest processors and distributors of scrap and secondary metals in North America.

Need

The client’s requirement was to implement custom authorization for SQL Server Reporting Services, wherein the details of the windows authenticated user will be passed to a customized CheckAccess method of SSRS security extension class to determine whether the user has sufficient rights to access the requested report or not. The CheckAccess method in turn needs to call a stored procedure to check the authorization.

Solution

INDUSA’s scope included customization of the CheckAccess method to implement customized authorization in their existing SSRS instance. INDUSA was involved in extending the authorization process handled internally through CheckAccess method in SSRS which involved calling a stored procedure for determining access rights of the logged in user on a report. It would accept parameters like username, reportpath and reportoperation to verify whether the user has proper rights over the report or not. We were also responsible for the deployment of the customized code to the report server.

The login method was driven by existing default windows authentication. A report server setup already existed on the client side and the configuration of permission tables, like the user roles, catalog and policy tables and related data was carried out by the client. The client provided access to its report server that was required for deployment and training from our end.

Technology

SQL Server 2005, SQL Server Reporting Services