Surface Area Configuration for Features (Windows Integrated Security) - Reporting Services

SQL Server Setup

In Reporting Services, report data sources can use Windows integrated security to connect to external data sources. Using Windows integrated security, however, may allow access to data under a user's identity without the user's knowledge. To ensure that all report data source connections use an explicitly specified set of credentials, disable Windows integrated security for report data sources. For more information about why integrated security might put sensitive data at risk, see Integrated Security and Elevated Permissions.

When you disable Windows integrated security, you reduce the options for configuring report data source credentials. The reduced set of choices apply to defining data sources in Report Manager, Management Studio, and any third-party tool that you use to define data source connections for a report. After you disable Windows integrated security, you can only obtain credentials in the following ways:

  • Prompted credentials. Users are prompted to type a user name and password to run the report. Credentials can be Windows domain credentials or database credentials.
  • Stored credentials. The credentials used to run the report are stored securely in the report server database. The credentials can be Windows domain credentials or database credentials. Only one set of credentials for each data source can be stored. All users access the report data source using the same credentials.
  • No credentials. This option can be used when the data source either does not require credentials or allows credentials to be passed on the connection string. Because credentials appear in plain text on the data source properties page, this option is not recommended. To use this option, you must configure a special-purpose account that is used for unattended report execution. For more information, see Configuring an Account for Unattended Report Processing.
Note:
Disabling Windows integrated security does not remove the Use Windows integrated security option in Report Manager, Management Studio, and the report design tools. If a user chooses Windows integrated security on a report server that does not support it, an error will occur when the report is executed.

Options

Enable Windows integrated security for report data source connections

Use Windows integrated security for report data sources.

For more information, see Integrated Security and Elevated Permissions and Specifying Credential and Connection Information.

See Also