cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
pvuppala
Frequent Visitor

Security Automation tasks using Reporting Services PowerShell

Hello,

I am trying to automate some security tasks for ReportServer using Reporting Services Tools as mentioned in this link.

https://github.com/microsoft/ReportingServicesTools

 

Its great to be able to bulk add users to Home folder and create any folder/subfolders via PS script (New-RsFolder) but I'm wondering if there's a way to disable parent inheritance.  We have so many user/groups that we dont want for all folders so we end up Deleting all users except Admin roles on any new folder manually.

Is there anyway we can disable the parent inheritance via PS script?  Or is there any option to bulk Revoke (Revoke-RsCatalogItemAccess) all roles for a new folder and keep the Admin users, Right now we go to security tab manually and check all and uncheck admin roles to delete.  Its too slow to delete each role via script, (we have over 500 +or so foreach loop isn't really the best way to remove)

 

Please help!!

 

Thank you!

-Pawan

2 ACCEPTED SOLUTIONS
d_gosbell
Super User II
Super User II

If you look at the source code for Revoke-RsCatalogItemAccess here https://github.com/microsoft/ReportingServicesTools/blob/master/ReportingServicesTools/Functions/Sec...

 

It is actually getting the full list of access roles using $proxy.GetPolicies, then removing the specified identity, then pushing the new access list back using $proxy.SetPolicies

 

So you could use this same pattern to just can $proxy.SetPolicies once and pass in your admin user(s)

 

I'd make sure to test this well on a non-production folder first to make sure you get this working properly.

View solution in original post

pvuppala
Frequent Visitor

This is what I ended up doing, seems fairly simple to take policy from a dummy folder that I need the way security on any new folder that we create.

$proxy = New-WebServiceProxy -Uri $ReportServerAsmx -UseDefaultCredential ;

$Policies = $Proxy.GetPolicies($ItemPath, [ref]$InheritParent)

$Proxy.SetPolicies($ItemPathToSet, $Policies)

 

Thank you so much!

View solution in original post

2 REPLIES 2
pvuppala
Frequent Visitor

This is what I ended up doing, seems fairly simple to take policy from a dummy folder that I need the way security on any new folder that we create.

$proxy = New-WebServiceProxy -Uri $ReportServerAsmx -UseDefaultCredential ;

$Policies = $Proxy.GetPolicies($ItemPath, [ref]$InheritParent)

$Proxy.SetPolicies($ItemPathToSet, $Policies)

 

Thank you so much!

View solution in original post

d_gosbell
Super User II
Super User II

If you look at the source code for Revoke-RsCatalogItemAccess here https://github.com/microsoft/ReportingServicesTools/blob/master/ReportingServicesTools/Functions/Sec...

 

It is actually getting the full list of access roles using $proxy.GetPolicies, then removing the specified identity, then pushing the new access list back using $proxy.SetPolicies

 

So you could use this same pattern to just can $proxy.SetPolicies once and pass in your admin user(s)

 

I'd make sure to test this well on a non-production folder first to make sure you get this working properly.

View solution in original post

Helpful resources

Announcements
PBI User Groups

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

Get Ready for Power BI Dev Camp

Power BI Dev Camp - June 24th

Mark your calendars and join us for our next Power BI Dev Camp!