Commerce Server Reports
To enable Business Desk users to run reports, you must ensure that they have the appropriate database access permissions and the appropriate Business Desk user interface permissions.
Business Desk Permissions
Static Reports
Dynamic Reports
Business Desk Permissions
Use the Business Desk Permissions module to grant and deny Business Desk users permission to run Analysis reports. You can secure areas of Business Desk Analysis so that specific reporting functions are available only to selected users or user groups.
For example, you can disable the .gif "Ee825086.run(en-US,CS.20).gif")
button in the Reports module so that a group of users cannot run dynamic reports in Business Desk.
The only default Business Desk user account is the BizDesk administrators group. Upon installation of a Business Desk application, this group account initially consists of the users in the Administrators group for the Web server on which the Business Desk application is installed.
A member of the BizDesk administrators group has all permissions, and can add other users and give them new report permissions. New report permissions enable users to create new reports and save reports.
.gif "Ee825086.important(en-US,CS.20).gif")
Important
New report permissions enable a Business Desk user to save SQL report queries to the Data Warehouse. These queries will be run by anyone who runs the report. Even if users creating the report do not have permissions to run the report query directly, they can still save the report to the Data Warehouse.
Users with higher SQL permissions could run the query by running the report, without realizing that they could be running a potentially damaging query. This should be considered when determining who will be granted new report permissions.
Static Reports
To generate static reports, the Report Manager, a report-rendering component, runs on the SQL Server computer and accesses the required Data Warehouse tables for the static reports. Business Desk users do not directly access the Report Manager.
The Report Manager runs under the local account. This security context allows the Business Desk application to run reports, without specifying additional permissions for IIS, which could compromise security.
Important
- For static reports to run, you must assign the db_owner role in the Data Warehouse database for the account specified in the Commerce Server Report Manager COM+ component. For instructions, see Changing the Report Manager Account.
- Additional permissions are required to export static reports to List Manager. For more information, see Permissions Required to Export Static Reports and Segments to List Manager.
Dynamic Reports
To enable Business Desk users to run dynamic reports, you must configure the SQL Server database client-side connection string (connstr_db_Analysis) with permissions that allow Business Desk users to access the Data Warehouse tables and views referenced in the dynamic report queries.
The SQL Server database client-side connection string is used only by the PivotTable in the dynamic reports to query the report data.
Important
- The SQL Server database client-side connection string (connstr_db_Analysis) resides on the Business Desk client, and Business Desk users can access it by viewing the source when a dynamic report renders. This is why you must use Windows Authentication so the password is not in clear text. Users will still be able to view the name of the Analysis Server, and explore the full possibilities of their access, so it is important that you secure all the OLAP databases on the server.
- By default, any member of the Windows domain of the server where OLAP resides will have Select permissions on the Commerce Server 2002 OLAP cubes.
See Also
Scripts for Securing Databases Accessed by Reports
Copyright © 2005 Microsoft Corporation.
All rights reserved.