SSRS Microsoft Reporting Services-由于用户权限而在报表创建过程中可能出现问题？

Question

I'm bumping my head with a strange issue that i'm having while generating reports, this is the scenario:

Created a report with two image inside and both are "external" links with two different parameters (img01 and img02 both text) that point to the image location on the SSRS database like this:

img01 - /images/img01.jpg
img02 - /documents/images/img02.jpg

For the parameter img01 is definded a default value containing the "link", for the img02 the image path is required every time the report is executed.

The idea is to invoke via a stored procedure (xp_cmdshell) the rs.exe command with a .rss config file for rendering the report as a .pdf, which is not a problem since I already have all the info on this part.

What's happening...

a. if i execute the report via browser (ssrs interface so without automatic rendering) there are no problem both images are displayed and if I insert a wrong path for the img02 the small red "X" apperas

b. if i take the string generated from the stored procedure that invoke the rs.exe command and i launch it in a CMD shell, the report is generated in a .pdf file, both images are displayed and if I insert a wrong path for the img02 the small red "X" apperas

c. i launch my stored procedure so now xp_cmdshell is in charge of running the rs.exe command, at this point the report is generated in a .pdf file but only the img01 (the one with the "default link") is visible; img02 either if the path is correct or it isn't I always have the red "X"

-- command used
set @cmd = 'rs.exe -i C:\try.rss -s http://url/reportserver -v img02=' + @img02 + ' -e Exec2005 -l 600'
insert @output (output) exec @rc = <database>..xp_cmdshell @cmd

[TO BE PRECISE the full sequence of point C is the following
1- php page that connects to the database as admin (sa)
2- call of the stored procedure (rs.exe)
3- report generation
I omitted the php part since the outcome is the same either i run the stored from php or directly from management studio.]

I tried to change security permissions on "rs.exe" granting full access to "NT SERVICE\\MSSQLSERVER" but nothing changed.

I tried to run xp_cmdshell with a "proxy_account" (not sure on this if i did all the thing in a correct way, i never played with this kind of things and all the "how-to" seems a little bit sketchy) but nothing changed.

If anyone have any idea on the matter would be really appreciated :) (also if it's a potential security threat, at least i can start from somewhere).

In case you need more details or something in my description feels sketchy please tell me, I will try to be more complete.

Regards, F.

Answer 1

I would abandon the use of rs.exe, due to all the issues you are encountering.

Instead in Report Manager I would define a New Schedule (via Site Settings / Schedules).

Then I would add a Subscription for the report which renders in PDF. I would attach that Subscription to the New Schedule defined previously.

Then I would change the stored procedure to call the SSRS procedure AddEvent, eg

-- Execute a Shared Schedule: DECLARE @ScheduleID UNIQUEIDENTIFIER DECLARE @ScheduleName AS VARCHAR(128) = 'My SharedSchedule Name' -- Get the Schedule identifier SET @ScheduleID = (SELECT ScheduleID FROM ReportServer.dbo.SCHEDULE WHERE NAME = @ScheduleName) -- pass the Schedule identifier to the Event insert procedure EXEC ReportServer.dbo.AddEvent @EventType='SharedSchedule', @EventData=@ScheduleID

Ref:

http://www.sqlblog.nl/2013/10/dynamic-refresh-ssrs-cache-using-sql/

Answer 2

I finally figured out which was the issue. All the images that were not displayed in the report and passed via "parameter" where dynamically generated using an external source and then uploaded to the ssrs "Catalog" table via a stored procedure. When I parametrize all the information for uploading the image to the ssrs database, I also need to specify a field that defines the security properties for the single file. So if, very basically and shame on me, the folder is browsable/editable by (eg) admin and guest but the file security is set only for admin then the image will not be displayed in the report. The column that refers to this property in the ssrs database is "PolicyId" contained in the "Catalog" table of the reporting database.

In the end what I did, was change the security properties of an existing file with the admin and guest permissions copy the numeric code generated in the "PolicyId" column and every time the stored procedure that creates this image runs I attach this code to the field, preserving the security policies for the file.