Understanding Code Access Security in Reporting Services
The Microsoft® .NET Framework provides a rich security system that can run code in tightly constrained, administrator-defined security contexts. The .NET Framework system that secures code is referred to as code access security (or evidence-based security). Under code access security, a user may be trusted to access a resource, but if the code the user executes is not trusted, access to the resource will be denied.
Security based on code, as opposed to specific users, permits security to be expressed for custom assemblies or data, delivery, rendering, and security extensions that you develop for Reporting Services. Your extension code may be executed by any number of users of Reporting Services, all of which are unknown at development time. The custom assemblies or extensions that you develop require specific security policies in Reporting Services. These security policies are represented as types in the .NET Framework. For a more complete understanding of code access security in the .NET Framework, see "Code Access Security" at this Microsoft Web site.
The following table describes the topics in this section:
|Introducing Code Access Security in Reporting Services||Introduces code access security and policy configuration for custom assemblies and extensions in Reporting Services.|
|Why Reporting Services Needs Code Access Security||Explains the reason for Reporting Services implementation of code access security.|
|Understanding Security Policies||Describes the various assembly types in Reporting Services and how code access security affects code permissions.|
|Using Reporting Services Security Policy Files||Describes the different Reporting Services components and the corresponding policy configuration files.|