Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Web CMS (TeamSite)
Crystal Report Security
ihssimon
This is a question regarding the Crystal report security. Basically, to run the reports, the user must access Crystal Reports and log in as the Worksite schema owner (username: 'worksitemp'). We want to set up other Worksite users to log in with their own accounts to do this. In other words, we don't want to give ordinary users access to an database admin account just to run reports. Does anyone know how we can do this? Any ideas would be very appreciated.
Simon
Find more posts tagged with
Comments
dbguy
To do what you want, you will have to create additional users in your database server and grant them at least read access to the Worksite database. The specifics of how you do that depend on the DB vendor (Oracle or Microsoft).
There are at least three major issues:
1. Security: if your users get a hold of a SQL client, they will have access to ALL information in the library. If you set it up wrong, they will be able to modify and delete data.
2. Performance: some reports are DB intensive. Having users run them at their will may impact performance of the web app or desktop integration. If they get a hold of a SQL client, they may accidentally (or intentionally) lock rows and even full tables in the DB; this would create all sorts of weird behavior in the server.
3. Support: this is not the intended use of the reports and is neither recommended nor supported by Interwoven. If you run into problems because of it, you will be on your own.
If you still want to do it, let me know which DB server you are using and I can help you with setting up the users.
ihssimon
This is actually a good idea. I understand your concerns. You know we use the worksitemp schema user account (worksitemp) to log on to the database when generating the reports. That is the way how the Worksite reports set up. This is even more dangerous because the worksitemp account is schema owner. If users get a hold of a database client and log on as worksitemp, they can do everything to the database. Let me know if I'm wrong.
We use SQL Server. I seem know how to set up a new user account and assign read only access rights. But if you can provide information/instruction on this, that would be helpful.
Thanks for the help,
Simon
dbguy
I agree, giving out the worksitemp password is really dangerous.
Anyway, here is how I would add the users: in SQLServer Enterprise Manager, go to your server->Security->Logins. Right click on the right pane, select New Login... Enter user info in the "General" tab. Go to the "Database Access" tab, check the worksite database, check db_datareader in the roles. Click OK. Done.
