Wednesday, March 28, 2012

Manage Individual Subscriptions task problem, cannot edit email address

Hi,

The Browser role has the task Manage Individual Subscriptions. Fine, the user can create a subscription. The problem is that the reportserver populate the email address text box with the Windows User ID and does not let the user change this to put his email address instead. The text box is greyed out.

I found that to enable the text box I have to add the task Manage all subscriptions to the role "Browser".

This is a major security problem because with this setting any user can edit any subscription.

I suspect that I could work at the Active Directory level to populate a field that would in turn populate the email address with the correct data., however this is not an option for me. I have absolutely no way to do it or get it done. Does anybody has an idea on how I could allow a user to edit his email address in his subscriptions and not let him tamper with other users subscriptions?

Thanks

Philippe

Actually, you don't need to grant the Manage All Subscriptions task to the user. There is a setting called SendEmailToUserAlias in the rsreportserver.config file that you can modify to allow users to type in an email address/list of addresses. Defaul it set to True, you can set it to False to enable this field for your users.

Also, there are a couple of other settings you might want to set at that time. The DefaultHostName element determines what host is appended if only an alias is supplied. If none is specified, the mail server determines that setting (if it's an Exchange server it resolves to known mail boxes). The other one that's useful is PermittedHosts. It limits to which hosts users can send e-mails. For example, at Microsoft, we might only include microsoft.com in the list. That way reports are not sent to hotmail addresses.

-Lukasz

See below for the Email Delivery extension element.

<RSEmailDPConfiguration>
<SMTPServer></SMTPServer>
<SMTPServerPort></SMTPServerPort>
<SMTPAccountName></SMTPAccountName>
<SMTPConnectionTimeout></SMTPConnectionTimeout>
<SMTPServerPickupDirectory></SMTPServerPickupDirectory>
<SMTPUseSSL></SMTPUseSSL>
<SendUsing>2</SendUsing>
<SMTPAuthenticate></SMTPAuthenticate>
<From></From>
<EmbeddedRenderFormats>
<RenderingExtension>MHTML</RenderingExtension>
</EmbeddedRenderFormats>
<PrivilegedUserRenderFormats></PrivilegedUserRenderFormats>
<ExcludedRenderFormats>
<RenderingExtension>HTMLOWC</RenderingExtension>
<RenderingExtension>NULL</RenderingExtension>
<RenderingExtension>RGDI</RenderingExtension>
</ExcludedRenderFormats>
<SendEmailToUserAlias>True</SendEmailToUserAlias>
<DefaultHostName></DefaultHostName>
<PermittedHosts></PermittedHosts>
</RSEmailDPConfiguration>


This posting is provided "AS IS" with no warranties, and confers no rights.

|||

I followed the directions above in a current release of SSRS and it does NOT work. The only way I could get the user permission to set their own email address was to grant the Manage All Subscriptions task to the user.

I'm still testing the other two settings mentioned above.

Definitely kind of screwy when you grant the Manage Individual Subscriptions task to the user that they are unable to change the email address. And our AD situation does not allow creating email addresses corresponding to the user ID. I wonder if MS expects it to work based on Exchange integrated with AD.

No comments:

Post a Comment