ConfigurationSetting Method - GenerateDatabaseRightsScript
Generates a SQL Script that can be used to grant a user rights to the report server database and other databases required for a report server to run. The caller is expected to connect to the SQL Server database server and execute the script.
Public Sub GenerateDatabaseRightsScript(ByVal UserName As String, _ ByVal DatabaseName As String, ByVal IsRemote As Boolean, _ ByVal IsWindowsUser As Boolean, ByRef Script As String, _ ByRef HRESULT As Int32)
public void GenerateDatabaseRightsScript(string UserName, string DatabaseName, bool IsRemote, bool IsWindowsUser, out string Script, out Int32 HRESULT);
The user name or Windows security identifier (SID) of the user to which the script will grant rights.
The database name to which the script will grant access to the user.
A Boolean value to indicating whether the database is remote from the report server.
A Boolean value indicating whether the specified user name is a Windows user or a SQL Server user.
[out] A string containing the generated SQL Server script.
[out] Value indicating whether the call succeeded or failed.
Returns an HRESULT indicating success or failure of the method call. A value of 0 indicates that the method call was successful. A non-zero value indicates that an error has occurred.
If DatabaseName is empty then IsRemote is ignored and the report server configuration file value is used for the database name.
If IsWindowsUser is set to true, UserName should be in the format <domain>\<username>.
When IsWindowsUser is set to true, the generated script grants login rights to the user for the SQL Server, setting the report server database as the default database, and grants the RSExec role on the report server database, the report server temporary database, the master database and the MSDB system database.
When IsWindowsUser is set to true, the method accepts standard Windows SIDs as input. When a standard Windows SID or service account name is supplied, it is translated to a user name string. If the database is local, the account is translated to the correct localized representation of the account. If the database is remote, the account is represented as the computer’s account.
The following table shows accounts that are translated and their remote representation.
|Account / SID that is translated||Common Name||Remote Name|
|NT AUTHORITY\NetworkService||Network Service||<Domain>\<ComputerName>$|
|(S-1-5-19)||Local Service||Error – see below.|
|NT AUTHORITY\LocalService||Local Service||Error – see below.|
On Windows 2000, if you are using a built-in account and the report server database is remote, an error is returned.
If the LocalService built-in account is specified and the report server database is remote, an error is returned.
When IsWindowsUser is true and the value supplied in UserName needs to be translated, the WMI provider determines whether the report server database is located on the same computer or on a remote computer. To determine if the installation is local, the WMI provider evaluates the DatabaseServerName property against the following list of values. If a match is found, the database is local. Otherwise, it is remote. The comparison is case-insensitive.
|Value of DatabaseServerName||Example|
When IsWindowsUser is set to true, the WMI provider calls LookupAccountName to get the SID for the account and then calls LookupAccountSID to get the name to put in the SQL Server script. This ensures that the account name used will pass SQL Server validation.
When IsWindowsUser is set to false, the generated script grants the RSExec role on the report server database, the report server temporary database, and the MSDB database.
When IsWindowsUser is set to false, the SQL Server user must already exist on the SQL Server for the script to run successfully.
If the report server does not have a report server database specified, calling GrantRightsToDatabaseUser returns an error.
The generated script supports SQL Server 2000, SQL Server 2005, and SQL Server 2008.