Security for Reports

You can employ two different strategies for managing Reporting Services security, relying on either the user’s logon credential or Windows authentication for a user account you set up for that specific purpose.

By default, the report server uses the user’s current logon credential to authenticate the user. If you need to limit users to certain reports, you can manage their rights with Reporting Services security, granting different levels of access and use as necessary. You can create groups such as Circulation Reports and Acquisitions Reports, grant the group the appropriate rights, and place the user in the appropriate groups, or you can manage the rights on an individual basis, user by user. Note that rights are inherited in Reporting Services. For example, if you grant Browse rights to a group on the Polaris level, the rights also apply to the subordinate folders such as System and Circulation, and to the reports within them. You can delete the inherited rights for a subordinate folder or individual reports as necessary. If a user has no rights to a report, the report is not displayed in the Polaris Reports window in the staff client.

Note:
You can also specify which organizations are displayed for selection as report parameters.

If there is a custom folder at the location /Polaris/Custom in the report root folder, users can right-click a system report in the Polaris Reports window in the staff client, and select Customize from the context menu. The custom report is placed in the Custom folder in the Report Manager, ready for editing. If there is no custom folder at /Polaris/Custom, the Customize menu option and the Custom folder are not displayed in the Polaris Reports window. For more information about customizing reports, see Generating, Sending & Customizing Reports.

Important:
The Polaris staff client uses reports in the Internal folder for many common workflows. All staff client users need Browse rights to the Internal folder.

Alternatively, you can use Windows authentication for accounts you set up for the purpose, instead of the individual staff login credential. Set up appropriate Windows user accounts such as ReportUser and NoticesUser and grant these users the appropriate rights in Reporting Services. In Polaris Administration, set up the Report Server at the system level without Windows authentication, then specify Windows authentication at the branch or staff member level, using the special-purpose user accounts you set up. This is a convenient way to assign the appropriate Reporting Services rights if you do not need to assign rights for specific reports and notices on a person-by-person basis.

Also, the Windows Authentication option allows you to restrict access to reports from the Reporting Services browser, but allow staff with the Polaris Access reports and notices permission to see reports in the Polaris Reports window in the staff client.

Example:
You set Report Services rights for an account called PolarisReports so that the account has browse rights to all reports. Then, in Polaris Administration, you set the Report Server to use Windows authentication, and specify the authentication account as PolarisReports. Since no staff member is PolarisReports, reports are not visible to staff in the Report Services browser, but they are displayed in the Polaris Reports window in the staff client.

Regardless of your security strategy for Reporting Services, staff members (and the workstations they use) need the Polaris permission Access reports and notices to open the Polaris Reports window from the Polaris Shortcut bar in the staff client. For more information about managing Polaris permissions, see Granting Permissions.

See also:

• Specify a server for Reporting Services
• Specify a proxy server for Reporting Services