KBA-01652: Windows Credentials and SSRS Setup for sfPMS

Spitfire Client Services > Knowledge Base > KBA-01652: Windows Credentials and SSRS Setup for sfPMS

June 9, 2016

Knowledge Base

, , , ,

Question:

What Microsoft Windows credentials does the Spitfire configuration require?
How do I setup Access Rights to SSRS for use by the Spitfire Project Management System (sfPMS)?

Answer:

There are many ways.  Here is one suggestion.

In Active Directory

You need two sets of Microsoft Active Directory (or local system) credentials

  1. The account with which you log into the IIS server to run ICTool (SPITFIREMGT\SpitfireSetup in our example).
    • This account should Windows-Authenticate to the SQL server with DBO equivalence.  See KBA-01405
    • This account should be a member of the Administrators group on the IIS server.
  2. The account created for the Web Application to make requests via the SSRS API (SPITFIREMGT\sfReportRuntime in our example).
    • This account does not require any access to SQL.
    • This account can have next to zero access in your domain.  Technically, it does not even have to be a member of Domain Users.
About Passwords

Trust us, your passwords are not as clever or secure as you think.

Spitfire recommends passwords a minimum of 16 characters in length (preferably 16-36), randomly generated by a random phrase or other random generator.  Length is more important than composition.  These passwords are rarely (probably never) typed by human hands – so make them secure.

Passwords – In ICTool

When you change the password for the account used to generate SSRS reports during runtime, follow the steps below.

In ICTool on the IIS Server

  1. Switch to the SQL RS tab
  2. Verify the user name is specified in domain\user format
  3. Specify the password (tab out)
  4. Click the Test Credentials button.  If the SSRS server has gone to sleep, this may take 30 seconds or even longer.   Bonus: verify that the “Web Service Timeout” value is longer than the delay to verify your password.   Re-click Test Credentials should be nearly instant.  Click OK to close the dialog.
  5. Go to the FINISH tab and republish the sfPMS site so that the web application has the new password.  See KBA-01680: Publishing a Version Update to Your Site

In Report Manager

Follow along in the picture below

  1. Click Site Settings.
  2. Click Security.
  3. Click New Role Assignment if you need to add one of the accounts (as described above).
  4. Review the settings
    1. The SpitfireSetup account should be designated as a System Administrator in SSRS.
    2. The sfReportRuntime account should be a System User.  If you used Domain Users and authorize all domain users to use SSRS, you may not need an explicit entry for the runtime account here.
  5. Click HOME
  6. Click Folder Settings
  7. Click New Role Assignment if you need to add one of the accounts (as described above).
  8. Review the settings
    1. The SpitfireSetup account should be given full access;  Content Manager and Publisher are specifically required so ICTool can create folders and publish reports.
    2. The sfReportRuntime account should be a browser.  This is all that is required to run reports.

Pictorial Guide

SSRS Setup

Additional Comments:

The Test Credentials button in ICTools does not work until the reports have been uploaded once.  (It tests by attempting to read the folders).

KBA-01652; Last updated: September 1, 2024 at 22:20 pm 
Keywords: SQL Server Reporting Services; setup login

Copyright 2024 Spitfire Management, LLC. All rights reserved.