How to deny access to a specific user who is in the 'Everyone' group?
Hi!
This should be simple, but I can't seem to get it to work. I need to deny access to a specific user in our organization to our Reporting Services implementation.
The current model assigns 'Content Manager' to 'BUILTIN\Administrators' and 'DOMAIN\SSRS_Admin'. The model assigns 'Browser' to 'Everyone'.
I would like to disable access for one specific user: 'DOMAIN\baduser'.
I've played with role assignments and assigning baduser to a limited access role, but I can't figure out how to do this. Anyone help?
Thank you!DJAnsc
August 31st, 2012 9:47am
Hi DJAnsc,
From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let
me know.
Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference:
Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser".
Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting
Access" part of the following blog:
How to Create Advanced Firewall Rules in the Windows Firewall
Regards,
Mike Yin
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Mike Yin
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2012 6:33am
Hi DJAnsc,
From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let
me know.
Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference:
Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser".
Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting
Access" part of the following blog:
How to Create Advanced Firewall Rules in the Windows Firewall
Regards,
Mike Yin
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Mike Yin
TechNet Community Support
September 3rd, 2012 6:33am
Hi DJAnsc,
From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let
me know.
Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference:
Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser".
Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting
Access" part of the following blog:
How to Create Advanced Firewall Rules in the Windows Firewall
Regards,
Mike Yin
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Mike Yin
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2012 6:34am
Hi DJAnsc,
From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let
me know.
Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference:
Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser".
Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting
Access" part of the following blog:
How to Create Advanced Firewall Rules in the Windows Firewall
Regards,
Mike Yin
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Mike Yin
TechNet Community Support
September 3rd, 2012 6:34am
Hi DJAnsc,
From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let
me know.
Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference:
Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser".
Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting
Access" part of the following blog:
How to Create Advanced Firewall Rules in the Windows Firewall
Regards,
Mike Yin
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Mike Yin
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2012 6:34am
Thank you, Mike.
This was as I suspected. It's unfortunate that there is not a simpler way to disable a specific user.
Thanks again.DJAnsc
September 4th, 2012 8:16am
Thank you, Mike.
This was as I suspected. It's unfortunate that there is not a simpler way to disable a specific user.
Thanks again.DJAnsc
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2012 8:16am