Analysis Services Security

ReportPortal supports both SSAS Windows Security and Application field level security via hidden User Filter Value. To enable SSAS Windows Security please follow steps below:

  1. Go to Admin > Settings > Olap Report. Check the "XML for Analysis Security Enabled" option and click Update.
  2. Using IIS console change XMLA Virtual directory to use basic authentication only.
  3. To set security for a user go to Admin > Users. Enter Windows user id and password and click Update. You can use the same Windows user id and password for multiple users.
  4. To set security for a group of users go to Admin > Roles. Enter Windows user id and password and click Update.

Security Modes

ReportPortal supports three security authentication modes:

  1. Application - only application users are used.
  2. Windows - only windows users can login to the application (with the exception of admin users).
  3. Mixed - both windows and application users are supported.

Windows and Mixed authentication modes require that at least one Windows-based role is setup. The role name will need to have the same name as the windows group name that will have access to the application.


Pass-Through Authentication

Generally, an application user has to be created before he can login to the application. However, when the Pass-Through Authentication mode is enabled a valid windows user can be logged in into the system automatically, bypassing the login page.

When Pass-Through Authentication is enabled the following will happen:

  1. When a user goes to the Login page (Login.aspx), ReportPortal will try to retrieve the user's windows user name (from Request.ServerVariables("AUTH_USER") collection).
  2. If user's windows user name matches a ReportPortal user "Windows User Name", the user will be logged in automatically.
  3. If user's windows user name does not match any of ReportPortal users' "Windows User Name", the application will try to retrieve the list of windows groups that the user belongs to (from the domain controller).
  4. If any of the windows user group names matches the name of the "Windows based" application role, a new ReportPortal user will be created. The user name and Windows User Name will be user's windows user name. If basic authentication is used for ReportPortal virtual directory, the password will be user's windows user password; otherwise the password will be blank.

To enable the Pass-Through Authentication the following things have to be done:

  1. Go to Admin > Settings and check "Enable the pass-through authentication".
  2. The Anonymous access has to be disabled for the virtual directory or the login.aspx page. Basic Authentication has to be chosen instead. Basic Authentication should be used for domain groups and users.
  3. If you wish to use Windows Authentication, please make all XMLA requests to go via XMLA Proxy (Admin > Settings > OLAP Report > XMLA Proxy = Always Used). This needs to be done because Windows Authentication will not work with XMLA Web Service. When Windows or Mixed Application Mode is enabled, the application will prompt and save the user Windows password the first time she is logged in.
  4. Make sure that the Windows group the user belongs to is imported as application role. Insure that the role is marked to be Windows based.
  5. For Windows Server 2008 and up, the application pool identity of ReportPortal virtual directory for might need to be changed to "Network Service".

To disable the pass-through authentication for some users access the login page in the following way: "login.aspx?PassThroughAuth=0"

Alternatively, a user can bypass the login page by passing user id and password using query string parameters in the following way: "login.aspx?id=admin&pw=admin"