Security not applied at report level

[bajmming]

Hi,

The DeploySsrs is working well for us and we have our first CD pipeline setup for reports, but I've noticed that security at the report level is not applied. I can apply security at Folder level, but not for individual reports.

In the script it passes in Folder and Name as params to Set-SecurityPolicy, but only Folder is used.

Is this a bug or not supported? I'm happy to submit a PR.

I've attached an example config below...

{
  "Name": "Root",
  "Folders": [
    {
      "Name": "Some general reports",
      "Hidden": false,
      "Reports": [
        {
          "Name": "My report",
          "Hidden": false,
          "FileName": "My Report.rdl",
          "Security": [
            {
              "Name": "mydomain\\someusers",
              "Roles": [
                "Browser"
              ]
            }
          ]
        }
      ]
    }
  ]
}

Cheers,

Ben

[mmajcica]

If security is not applied on the report level, it should be a bug. Considering the following line, https://github.com/mmajcica/DeploySsrs/blob/66777e1d4ff42af10e9f224c74557d82491fecdc/task/ps_modules/ssrs.psm1#L391 I suppose it should be responsible for applying securiti settings over the report. I'm looking at this from my cell phone, thus I may be wrong. If you can test it, and in case make a PR, I'll be more than happy to accept it and publish a new version.

[bajmming]

Sounds good and I'll create a PR soon. I also want to be able to set the Description property for Data Sources, Data Sets and Folders so I'll create a separate PR for that.

[bajmming]

PR submitted.

If you add security at the report level and subsequently remove the permissions then the permissions will not be removed during deployment unless the InheritParentSecurity flag is set to true.

I wasn't sure whether there should be an Else in the code below to automatically apply Parent level security if there are no Roles, but this might cause issues for existing deployments...so seemed better for someone to set InheritParentSecurity explicitly.

For example we could do this?

                if ($RoleAssignments)
                {
                    ...
                }
                else 
                {
                    if(-not (Test-InheritParentSecurity $Proxy $Path))
                    {
                       Set-InheritParentSecurity $Proxy $Path
                    }
                }

[mmajcica]

@bajmming a new version is published.

[bajmming]

Hi Mario, that's great...thanks for publishing so quickly :)