Hello,
We have a SSRS 2012 server setup in native mode that uses folder level security. We have domain groups set up so each user within the groups can only see and browse the folders and reports that we want them to see. If I add a dummy domain user account to one of those domain groups, and then login to the SSRS server using it, everything looks and behaves as it should. They can only see their own folder and the reports within them.
The issue that I'm having is that if one of those users does a search for a report, SSRS returns a list of all matching reports and folders in the system, including those that are in folders that the domain group does not have access to, and should not be able to see. Even worse, if they click on one of the found reports, SSRS will let them view it. I would have thought that the SSRS search would only limit the results to those reports and folders that the user has access to.
I thought maybe I could get around it by modifying the Browser role to hide the search box, but there doesn't seem to be a way to do that either.
Does anyone have any suggestions how to limit what the search returns, or how to disable the search box? Is this just a limitation in SSRS 2012?
Thanks!