I'm seeking the answer to understand how much of AD integration is possible in minimum administration overhead.
We have set up AD group matched to the Role created in ReportPortla(RP). Sync and add group will make this as a role and I can set specific base permission there. So far so good. Without importing the users. The user is in AD group is still no access to RP. Now I'm thinking is there any way that RP is actually accepting login within AD group without actually importing logins. Permission setting is done at the Role level.
I also have a little confusing abut Windows User Name field in Roles. Is it should be "Domain\Group Name" (We have space in group name in some case) or just a "group name"?
I have Windows based tick box ticked and thought the member of this AD security group is automatically be a member of the role without importing(sync) individual users. I may be wrong about this or may be some setting is wrong.
Also... Is the AD group in AD group is supported? (nested group) It is workable but nice to have this.
Any help will be great. I'll check back in Monday monring in NZ Time.
You are right, you should not need to import windows users. When you have a Windows-Based role RP should import the user for you. One possibility is that RP is unable to get the list of roles from AD for some reason. It should be possible to test by going to Admin > Settings > Security > Enable pass-through authentication > Test. You will need to set basic authentication only on UserDiagnostic.aspx page.
RP roles have Windows user name and password in order to impersonate application users with SSAS.
Thank yiu for answer this helped a bit and now I can see one of my group is used as a role.
Do we still need register individual users?
Say I have RP_Users group in AD and create this group as "RP Role". At the Role section I have set windows User Name as "AD\RPUsers" as per ad group and tick the "Windows Based" box at bottom.
This AD group has many members say 10 memebers for now. Is this alone if the member of this grouyp access the site without individually registed to RP, is he/she able to access the report based on this role settings?
Report Portal
AD integration - Role (AD Group) Individual Users.
Posted - 11/11/2010 : 21:30:40
