cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Hide reports or pages to users

Hello,

 

I need very important help about a report server instance.

 

This server is used by a lot of people. They all open a report where RLS allow them to see only some data. I have some special users who must see some more information, completely hidden to the previous "not-special" ones, who must not even know they exist.

 

So, I think I have 2 choices:

  • I create only a report for everybody where some of the pages are hidden to the common users and are visible only to the special ones
  • I create a separated report with the information reserved for the special users.

 

I don't think the first one is possible, I read I can't hide pages to users within a report. So, I think I need to choose the second one, but I don't know how to hide the report to the common users. They must not know it exists.

 

I'd hear any other proposal with pleasure, of course. It's a do-or-die aspect I need to fix.

 

Thank you so much for your help.

 

Nick

1 ACCEPTED SOLUTION
stpnet
Impactful Individual
Impactful Individual

Apologies that was bit of a rubbish explanation

 

When you deploy/save a PBIX form PBI Desktop you get to browse the folders on your PBI-ReportServer.

 

You can create folders on your PBI-ReportServer using the web front end. Usually http:\\yourservername\Reports\

 

You could create a folder called MyReportSubjectArea and then inside that folder create another folder called MyReportSubjectAreaSuperUsers. You can set security at folder level so restrict the MyReportSubjectArea  folder to your main users and MyReportSubjectAreaSuperUsers to the more restricted set o users (we use AD groups to do this as it's way easier to add people to AD groups than adding and removing individual users via the SSRS web front end. (SSRS is the underlying server tech for PBI-ReportServer)

 

If you don't have any permissions on a folder you don't see it and can't access the contents even if someone sends you a link.

 

This page is about configuring SSRS security

 

https://docs.microsoft.com/en-us/sql/reporting-services/security/grant-user-access-to-a-report-serve...

 

 

View solution in original post

8 REPLIES 8
stpnet
Impactful Individual
Impactful Individual

Yeah. I think you need a separate report. In a separate folder in SSRS with its own security group/restrictions. This is just simpler to manage, though you may well need to copy logic across the reports...

Anonymous
Not applicable

Hi @stpnet  and thanks for your answe.

 

Sorry I still don't understand what SSRS is. For what I know, you mean I need to create in PBIRS a separate folder with the special report? And there you tell me I can set security restrictions? What would my common users see? They see the folder but can't open it? Or what else?

 

Thank you very much

 

Nick

stpnet
Impactful Individual
Impactful Individual

Apologies that was bit of a rubbish explanation

 

When you deploy/save a PBIX form PBI Desktop you get to browse the folders on your PBI-ReportServer.

 

You can create folders on your PBI-ReportServer using the web front end. Usually http:\\yourservername\Reports\

 

You could create a folder called MyReportSubjectArea and then inside that folder create another folder called MyReportSubjectAreaSuperUsers. You can set security at folder level so restrict the MyReportSubjectArea  folder to your main users and MyReportSubjectAreaSuperUsers to the more restricted set o users (we use AD groups to do this as it's way easier to add people to AD groups than adding and removing individual users via the SSRS web front end. (SSRS is the underlying server tech for PBI-ReportServer)

 

If you don't have any permissions on a folder you don't see it and can't access the contents even if someone sends you a link.

 

This page is about configuring SSRS security

 

https://docs.microsoft.com/en-us/sql/reporting-services/security/grant-user-access-to-a-report-serve...

 

 

View solution in original post

Sorry @stpnet 

 

I accepted your answer as a solution as I thought it would work, but now I am in trouble again with the same issue. Hope you read my topic once again. I create a folder with my "public" report and then in this folder I create another folder with the "more private" report. I have 2 users: the first is system administrator and has every possible roles in both folders, so he can visualize everything, the second one instead has no role in site settings, he has no roles in folder management too, he just has a row-level role in the "public" report where he sees what's right for him, while he can open the "private" report but no data is shown.

 

It's not good to me, I need the second user not to see the second folder with the private report at all!!

 

Pray you or someone can help me.

 

Thank you so much

stpnet
Impactful Individual
Impactful Individual

Create a new role (site settings security). Add your sysadmin to this role. Now "manage" the "private folder" you created and customise its security so only the new role has access.

 

Your sysadmin shoudl be able to see the folder, your other login shouldn't. Add your other login to the role and the folder shoudl appear for them. Remove them and it shoudl vanish. Sometimes you have to kill the browser to get the fresh permissions as some of this stuff gets cached.

 

regards

 

S

Thank you @stpnet 

 

Well it doesn't work or I didn't understand your hint.

I can create a new system role, but it depends on what activities I allow it on Reporting Services. Then, where should I add my sysadmin to this role? In Site settings on Report Server on in SQL? I don't know if you mean my super user on Power BI Report Server or SQL sysadmin. I don't even know how to manage the private folder so that only new role has access, as well. I thought I need an item level role, or not?

 

Thank you once again.

 

Nick  

stpnet
Impactful Individual
Impactful Individual

Sorry that was obviously a poor explanation. I can't produce a more detailed guide with screen shots at the moment as I'm no longer working with PBI on premise at my new company and haven't got access to an instance here.

 

It's basically the same as SSSR server so these two links should point you in the right direction.

 

http://www.andrewmosey.com/hiding-ssrs-folders-from-users

 

https://www.youtube.com/watch?v=d2E6B3TTUYg

 

The video is an older version of SSRS so looks pretty different but the fucntionality/approach is the same.

 

This is all about the users on the PBI ReportServer. So you need to log on as that user on a client machine and browse to the PBI ReportServer as that user to see the effect. If you're an admin on the PBI Report Server you get to see pretty much everything all the time.

 

regards

 

Steve

 

stpnet
Impactful Individual
Impactful Individual

We actually use AD groups for this. So we assign the AD group to the role in SSRS/PBI-SSRS and then assign users into the AD group. But for testing it using a specific user login will work. It just gets difficult to maintain with lots of user

Helpful resources

Announcements
PBI User Groups

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group!

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

secondImage

Are You Ready?

Test your skills now with the Cloud Skills Challenge.

Top Solution Authors