Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

Report Server Admin Security issue

‎08-20-2019 06:00 AM

I have posted this in the Ideas section as well incase it is a bug, but i want to ask it here as well. If that is no allowed, ill remove this one.

 

I am running an instance of Power Bi Report server on a server here with the following versions.

  • Report server - Version 1.4.7024.16477 (January 2019) 
  • Sql Server 2017

I have found a scenario where if i remove a user's System Adminstrator access, they are still able to access the "Site Settings" section oif the portal, and from there, can see all the sections, General, Branding Schedules and Security sections. Most of the pages take steps to secure itself against this, for example even though the user can see Branding, it protects itself against the users by hiding all the buttons.

Sys User Branding.PNG

For the Security section how ever, these users are able to access the page, and interact with it as if they had the System Adminstrator role.

 

I have checked the Reporting Database for the dbo.UserRolePolicies table and it reflects what is shown through the UI, so the non-admin users in the Portal also do not show as an Admin in the database.

 

Is there some system config issues i am missing or is the a bug with security in the portal itself?

Labels:
Message 1 of 4
1,201 Views
0
3 REPLIES 3
d_gosbell
Super User
Super User

‎08-28-2019 09:24 PM

Was the user already logged in when you removed them from the admin group? A lot of the pages in the PBIRS portal are cached. If I had the portal open as a test admin user, then removed that user from the admin role I could still see site settings, but as soon as I refreshed my browser page this option dissappeared (with the May 2019 release). I could get to the General and Branding pages by typing in the URL, but could not make any changes. My hope is that any attempt to save changes should be blocked on the server.

 

As soon as I attempt to directly access the security page with a non-admin using the May 2019 release I get the dialog on the right 

2019-09 pbirs security.png

Message 2 of 4
1,141 Views
0
sheetalshettiga
Helper IV
Helper IV
In response to d_gosbell

‎04-01-2020 12:43 AM

hello all,

Even though i do not assign any role to particular user of same domain in security they can login and view my reports in report server .How can I deal with such situation in security role.please help me with this.

Message 4 of 4
674 Views
0
Anonymous
Not applicable
In response to d_gosbell

‎09-05-2019 05:43 AM

Thanks for the reply. I tried your scenario in the version im running i am able to use the url to navigate to branding and general admin pages. It looks like this was resolved in the may release

Message 3 of 4
1,085 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All