
Configure Security Portal to authenticate access to reports

During the Critical Manufacturing MES installation, the Security Portal can be enabled automatically to work with the reports. This page describes in more detail how the Security Portal connects to the SQL Report Server.

System User access

A system user account must be provided during the Critical Manufacturing MES installation in order to proceed with the installation. For the Security Portal to access the reports, the SQL Report Server must be configured to allow this system user account to access all of the reports that a user might want to access.

This is needed because, when the Security Portal is enabled, the HTTP requests sent to the SQL Report Server are made with the system user account instead of the user that made the original request. More specifically, the HTTP requests are made by the user that runs the IIS Application Pool $SYSTEM_NAME_ReportPool, where $SYSTEM_NAME is the name of the Critical Manufacturing MES environment. Changing the user of this IIS Application Pool changes the user that makes the HTTP requests to the SQL Report Server. By default, the IIS Application Pool is set to the system user account of the Critical Manufacturing MES environment.
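One way to check which account the report application pool runs as, and to change it, using the IIS WebAdministration module. This is an added example, not part of the Critical Manufacturing documentation; `MES_PROD` is a constructed environment name and `Set-ReportPoolIdentity` is a hypothetical helper.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$SystemName = 'MES_PROD'   # constructed placeholder for $SYSTEM_NAME
# ${...} is required: "$SystemName_ReportPool" would be read as one variable name.
$PoolName = "${SystemName}_ReportPool"
$PoolPath = "IIS:\AppPools\$PoolName"

if (-not (Test-Path $PoolPath)) {
    throw "Application pool '$PoolName' not found on this server."
}

# processModel holds the identity the pool's worker process runs as.
$pm = Get-ItemProperty -Path $PoolPath -Name processModel

[pscustomobject]@{
    Pool         = $PoolName
    IdentityType = $pm.identityType
    UserName     = $pm.userName
}

if ($pm.identityType -ne 'SpecificUser') {
    Write-Warning ("$PoolName runs as the built-in identity '$($pm.identityType)', " +
        "not as a named account. Check which account the SQL Report Server " +
        "has actually been configured to allow.")
}

# Hypothetical helper: switch the pool to another account.
function Set-ReportPoolIdentity {
    param([Parameter(Mandatory)][pscredential]$Credential)

    Set-ItemProperty -Path $PoolPath -Name processModel -Value @{
        identityType = 3   # 3 = SpecificUser
        userName     = $Credential.UserName
        password     = $Credential.GetNetworkCredential().Password
    }
    Restart-WebAppPool -Name $PoolName
}

# Usage (prompts for the password instead of putting it in the script):
# Set-ReportPoolIdentity -Credential (Get-Credential)
```

Whichever account the pool ends up running as is the one that must be allowed on the SQL Report Server to access all of the reports.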

Integration with Report Folder functionality

When determining whether or not the user has access to a report, the MES Host takes into account the configuration of the Report Folders of the system. This functionality exists whether or not the Security Portal is enabled and allows users with certain Roles to access reports that are inside specific report folders.

This functionality of the MES Host is still used when the Security Portal is enabled in the environment. When the Security Portal connects to the MES Host to check if the user has access to a given report, the MES Host automatically takes into consideration the Roles of the user and whether or not they have access to a given folder.

However, because only one user is used to perform the HTTP requests to the SQL Report Server when the Security Portal is enabled, the security access features of the SQL Report Server cannot be used to control which reports each specific user can access. Those access controls need to be implemented as Roles in Critical Manufacturing MES, and the Report Folders can then be configured to allow only users with a certain Role to access the reports that are inside them.

Info

For more information, see Report Folders.

Sequence flow

The following diagram shows how the Security Portal interacts with the SQL Report Server in order to authenticate requests made by the user. It shows two scenarios: the first is when the user has access to the requested report and the second is when the user doesn't have access to the report.

Report Flow