CHAPTER 11 SECURING REPORTSThe -e option tells RSKeyMgmt to extract the key to the file PROSSRS_SSRS_Key in the
C:\Pro_SSRS\SSRS_Key folder. The password option is required and the password must meet the
minimum complexity requirement. If you needed to do so, you could reapply the key to the server using
the same command but changing the -e option to -a. After executing the command, you are timidly
instructed to SECURE THE FILE IN A SAFE LOCATION!
Figure 11-9. Encryption keys in the Reporting Services Configuration Manager
The key will also come in handy in case you need to move the Reporting Services instance to
another machine on your network. You can simply install SSRS on the new machine, restore the
databases from the old instance, restore the key that you have been storing, and remove the original
encryption key. This makes a simple standalone SSRS migration fairly simple and painless.
Setting Up Authentication and User Access to Data
Access to confidential electronic data, no matter where they reside, begins and ends with user
authentication. Having security users or roles properly configured is critical to a secure deployment of
SSRS. In an environment utilizing a Windows Server Domain, SSRS can then take advantage of the
authentication provided by Active Directory’s security groups and users. The SSRS administrator is
responsible for configuring SSRS-specific security roles that link to Active Directory security accounts. In
the following sections, we will show how to set up a test Windows account for an employee who will
have limited access to the SSRS report server. We will discuss the following:
- Setting up SSRS roles: SSRS roles dictate what permissions the users will have
when they access the SSRS server. An Active Directory security account, either a
group or a user, is assigned either to one of five predefined SSRS roles or to a new
role that the SSRS administrator may create.