Configuring Server Security
This section provides information about system security settings that are in effect for a report server. Reporting Services uses Internet Information Services (IIS) and Windows security to authenticate users to a report server. Each user who requires access to a report server must have a valid Windows user account or be a member of a Windows group account. You can include accounts from other domains as long as those domains are trusted. The accounts must have access to the Web server hosting the report server, and must be subsequently assigned to roles in order to gain access to specific report server operations. For more information about role-based access, see Using Role-Based Security.
Trusted and single domains are a requirement for passing Windows credentials. Unlimited passing of credentials only occurs if you enable Kerberos V5 for your servers. If Kerberos is not enabled, credentials can only be passed once before they expire. For more information about configuring credentials for multiple computer connections, see Best Practices for Authenticating Server and Data Source Connections.
The following table describes the topics in this section.
|Configuring Web Host Security for a Report Server||Describes the security functionality provided through IIS and ASP.NET that is the basis for report server security.|
|Limiting the Number of Open Connections||Explains how to mitigate a denial of service attack by limiting the number of open connections.|
|Best Practices for Authenticating Server and Data Source Connections||Provides recommendations on how to configure accounts and credentials in a mixed server environment.|
|Securing Reports for Global Access||Recommends specific strategies for enabling report access over an Internet connection.|