SSRS: Add Header rows to show a Hierarchy of Network Permissions - ssrs-2017

I'm using Visual Studio 2017 to create an SSRS Pivoted Report using a Matrix.
The report lists Users and their Network Permissions.
In the Leftmost column are The Users.
Across the top are the Individual Permissions.
At the intersections are one of three values:
1 = User has the Permission,
Blank = User does not have the Permission,
0 = User had the Permission but it was revoked.
Here's the issue:
Each individual Permission is in one or more 'Permission Groups'.
Each Permission Group is in one or more 'Parent' Groups.
So there is a Hierarchy of Permissions. If a User is granted Permission to a Parent Group, they are automatically granted every individual permission downstream from that Parent Group.
I hope I've explained the above sufficiently.
As requested, I made the Pivoted Matrix report showing Users in the first column, Individual Permissions across the top & 1, blank or 0 at the intersections.
Question:
Is it possible to show the Permissions Hierarchy on three Header rows in the Matrix [Parent Level - Permission Groups {named 'GroupName Level' in screenshot} - Individual Permissions] - above the Detail Rows?
This is what I would like it to look like:
Is this possible? If so, is it 'out of the normal range' of SSRS capabilities or is it pretty standard? I've worked with MS Access reporting, Crystal Reports & now SSRS and I've never needed to do anything like this.
I'd appreciate any help or pointers.
Thanks in advance!

Related

PowerBI Workspace not visible

I am trying to give access to a PowerBI(PBI) workspace for an Active Directory(AD) group comprised of few users. When users login to PBI service, they cant see the workspace. The type of the AD group where these users are, set as a Distribution List. There is another separate workspace I created where users in an AD group with type - Mail Enabled Security. Those users can see that Workspace with no issues. Level of permission the AD group was given for this Distribution list PBI workspace was - Viewer. When the users are individually added to this workspace, they can see the workspace. Could someone kindly confirm, if the AD group type has to be a - Mail Enabled Security for the users to see the PowerBI workspace?
According to PowerBI documentation, PBI Workspace also supports AD groups of the type, Distribution List.
See the link
https://learn.microsoft.com/en-us/power-bi/admin/service-admin-rls
Thank you for your replies. Much appreciated.
enter image description here
Edited: Hi Andrey, I added an extra image. This I got from a posting in a blog post. It's confusing whether the group has to be security group or a distribution lists are also allowed under PBI workspaces. According to this image, distribution lists are also allowed.
Also want to add that PBI workspace here was created as new workspace type not the Classic type. Under the point 2 in the link, what that images says confirms by the Microsoft PBI documentation.
https://learn.microsoft.com/en-us/power-bi/collaborate-share/service-give-access-new-workspaces
In order to make it simple, I didn't mention the fact that these groups are being used to access couple of reports inside the workspace. These reports use roles that maintain Row Level Security. I thought it would still show the users in the group the workspace even though they might not get access to the individual reports inside. Am I too optimistic here?
Edit 2:
Thank you everyone. The issue has been resolved without me doing anything. It was a delay in syncing the changes within the office365/AD accounts/PowerBI it seems. Just for the record I will leave this post here hoping it might help someone with my situation in the future.

ASP.NET Active Directory authorization for each web page

I am new to ASP.NET and have been asked to do the following. I have tried looking at a large number of Stack overflow articles in this topic but wasn't quite able to find a specific answer to my situation.
The scenario is the following: the web application is internal to the company. Within the application, there are many pages that should have varying levels of access based on AD groups. So for example, for one page, if a user is in any of the AD groups A, B, C or D, they will have access. Another page may provide access to a user who belongs to any of AD groups E, F, or G.
Not sure if I read the other Stack Overflow articles incorrectly, but it seemed like they answered the question of providing access to a user who is part of a particular group (single group). For a given web page, I want to provide access to the user if they are part of any of the groups that I specify as permitted to visit that page.
Furthermore, is there an easy way to store the AD group names that I want to have access to each page in a file, and authorize against this file without writing much code? This way if I need to change the groups allowed to visit a particular page, I can just change the list of group names in the file.
If you want users to be automatically logged in, then hosting in IIS is by far the easiest way. Instructions on setting that up are here: Configure Windows Authentication in ASP.NET Core
Locking down certain parts of the site by AD group is pretty easy too. You simply use AuthorizeAttribute above either a whole controller, or just an action, and specify the Roles:
[Authorize(Roles = "DOMAIN\\GroupName")]
If you want the group name to be configurable, then you can create a policy for each group that reads the group name from your appsettings.json (or anywhere else, really) and you set the Policy property of the AuthorizeAttribute instead of Roles.
Details on how to set that up are in this answer: https://stackoverflow.com/a/48148149/1202807

Google analytis share data with different users

I have a projet with some number of customers (more than 25). Each customer has theirs own subdomain (customer1.mydomain.com, customer2.mydomain.com, ...). I want to track pageviews from all domains and have one report for all domains for me as administrator. Each customer should be allowed so see reports, but only for his domain.
Example:
account: UA-XXXXXX-Y
customer1.mydomain.com and customer2.mydomain.com send data to this acccount
as administrator I can see all this data, add segments, divided by hosts. Also I can create views for these segments and allow users (customer1, customer2) to see only data from these segments. But google allows to add only 25 views and I have more that 25 customers.
Also I tryed to create several account and send pageview for my administrator account and then to current customer account, but ga('craete', 'another-ua') command doesn't recreate instane with new account, just using first created one.
Anyone can suggest any solution wih allows:
As administrator, I want see all data sepaated by hosts
As customer, I want to see only my own data and should not be able to see any other data
As #AllanS.Hansen wrote, this comment works:
It's going to be more work, but multiple trackers: https://developers.google.com/analytics/devguides/collection/analyticsjs/creating-trackers#working_with_multiple_trackers. But it'll allow you to completely separate data

Tridion 2011 - How to unselect all the default selected publications while adding a group to a user?

I am facing one typical issue on Tridion 2011 administrator activity.
How to replicate the issue?
Open a User
Add a Group to the user
Once group is inserted, by default all the publications are checked/ticked
Now here is the issue, if I have 200 publications and in that I want to check/tick only 2 publications then I need to uncheck remaining 198 publications manually.
Which is really difficult task doing for 20-30 users same activity.
I tried by checking and unchecking "ALL PUBLICATIONS" check box but NO LUCK.
How to fix this?
OR
Is there any hotfix already available?
You can use the following workaround:
Select all publications (Control + A)
Press Spacebar (Toggles selected/unselected)
Typically I'd recommend setting users to a group specifically for scope and permissions, rather than trying to define this for each of some 20-30 (or more) users.
For example:
Create "Rights" groups (or use the defaults) with This Group will be available for setting permissions in the following Publications: set to All Publications.
Create "Scope" groups with membership to one or more rights groups, with the scope limited to certain publications. Use Puntero's useful tip here. Optionally use separate groups for permissions.
Going forward, add users to a Scope group with Membership Scope: set to All Publications
This lets you consolidate global user changes to a few groups and simplify manual changes, even if experiencing a possible UI bug.

Hide organizational items option in Tridion 2011 SP1 CM snap-in

I'd like to limit what organizational items users can actually see in the CM rather than the default which allows them to see the item but not read its contents giving the "Insufficient permissions" error.
For a particular group, I've assigned the Category Management right on a publication and Read permission on only two of forty available categories. When I test logging in as a user of this group - all appears, well:
I see only publication the group has the right on.
I see all forty categories under Categories & Keywords but
can only read from the two I set the permission on.
So far so good.
I then opened the Tridion CM snap-in and changed the value "Hide organizational items if no access to content" from 0 to 1. Shutdown COM+ and restarted IIS.
Logging in as the same use as before I still see all forty categories as before - there doesn't seem to be any change?
Is it not possible to setup the CM so that my user only see the two categories they have the Read permission on?
Ideally I'd like the same thing for Audience Manager address books too - only listing address books a group has permissions to read/write/delete from.
This is Tridion 2011 SP1.
EDIT
Just checked the online docs and they refer to the snap-in setting as:
If enabled, Folders and Structure Groups for which a user does not
have read permission are hidden from that user; defaults to the value
0, that is, disabled.
Does that mean it doesn't apply to Categories/Address Books then?
Cheers
You are correct. This setting applies to structure groups and folders.
The term "organizational item" always needs some context to be understood accurately. Categories are, in principle, organizational items, but a category is always a root orgitem, and root orgitems have special rules. In some contexts, even publications are referred to as orgitems. In this specific context, it means folders and structure groups

Resources