Why do stored credentials require local logon permissions - by MSDN Student

Status : 

  Won't Fix<br /><br />
		Due to several factors the product team decided to focus its efforts on other items.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.


14
0
Sign in
to vote
ID 749322 Comments
Status Closed Workarounds
Type Suggestion Repros 0
Opened 6/15/2012 10:58:31 AM
Access Restriction Public

Description

We have enabled SSRS on our SP2010 farm. The hope was that each site collection owner can create report libraries by adding SSRS content types and then do reporting in a fairly autonomous fashion. 

The problem however is that if we want to use subscriptions etc we have to use stored credentials and stored credentials require local logon permissions.

Now SSRS is deployed on a central IT managed server. Giving local logon permission just to make a feature like subscription work doesn't make sense from an IT perspective because end users should only be able to use SSRS they should not have permissions at the OS level on a IT managed server.

This will kill the adoption of the product because in financial institutions this requirement that end users should have local logon rights would lead to an IT audit and un-necssary explations on why such rights were granted.

Ideally windows and sql server should be able to impersontate the user without local logon rights because again from an IT perspective each time a user wants to use SSRS, now we need to give rights on the centrally managed SSRS Server.

This obviously makes no sense from an IT persptive (makes life of SSRS server admin hard) and is an unneccassary risk.
Sign in to post a comment.