Security in SQL2005RS reports (project server)

[scubaal]

We have run into a serious concern regarding the security of reporting
within project server.
The reports we have built to date in our test environment are based on
an initial lookup, from which the user choose a project to report
upon.

the sql query is:

SELECT * from MSP_EpmProject_UserView

unfortunately this doesn't seem to take any account of the security
attached to any project - with the consequence that *any* user that
can run the report can see ALL projects.

This is a major issue for us. One of a our primary business
requirements is that users can only see data from project that they
have access to (eg project manager or team member).

We cannot deploy a solution that allows anyone to report on any
project.

We know that project server itself honours its security because each
user gets a different view inside 'Project Center' - with only the
projects they have access to showing up.

How do we ensure that this caries through to the reports designed
within SQL2005RS?

 

[Marc Soester [MVP]]

When using Reporting Services to create reports, you will need to handle
security in Reporting Services. There are several options. You can manage the
security within Reporting Services if you use AD for user group
sycxronisation. The AD user groups equal the Project Server user groups and
you could say "only the PM user group can access this report".

If you want to have "more fancy" report selections wherby a PM can only see
his projects, you will need to incorporate PSI calls. If you are after that I
would recommend using the Project Server Developer user group.

I hope this helps