
I'm creating SSRS folder security programmatically using ReportService2010 and PowerShell 4.0. I can create folders and then add users to the folder security successfully.

My requirement is:
I want to add all users to the Home folder (Browser role). But for folders under the Home folder, only selected users should have access to selected folders.

But due to the inheritance from the Home folder, all the users got the Browser role on all folders. So I need to remove the unwanted users from folder security using PowerShell. I have been searching for so long but couldn't find a single helpful post.

How do I remove a User or Group from a Folder's security Programmatically?

EDIT

Code used for adding folder and folder security.
I'm using a global variable for the SSRS proxy.

function Add-SSRSFolder(
    [Parameter(Position=0,Mandatory=$true)]
    [string]$folderName,

    [Parameter(Position=1,Mandatory=$true)]
    [string]$Parent
)
{
    #get autogenerated namespace
    $type = $ssrsProxy.GetType().Namespace
    $datatype = ($type + '.Property')

    #Here we create a new object of Property type and set properties
    $property = New-Object ($datatype);
    $property.Name = "Description"
    $property.Value = ""

    #Report SSRS Properties
    #we need a property array to pass to the CreateFolder method
    $numproperties = 1
    $properties = New-Object ($datatype + '[]') $numproperties
    $properties[0] = $property;

    write-host "Creating New Folder...... $foldername" 
    $newFolder = $ssrsProxy.CreateFolder($foldername, $Parent, $properties);
}


function Add-SSRSItemSecurity
(
    [Parameter(Position=0,Mandatory=$true)]
    [string]$itemPath,

    [Parameter(Position=1,Mandatory=$true)]
    [string]$groupUserName,

    [Parameter(Position=2,Mandatory=$true)]
    [string]$role,

    [Parameter(Position=3)]
    [bool]$inherit=$true
)
{
    $type = $ssrsProxy.GetType().Namespace;
    $policyType = "{0}.Policy" -f $type;
    $roleType = "{0}.Role" -f $type;

    $policies = $ssrsProxy.GetPolicies($itemPath, [ref]$inherit);

    $Policy = $policies | 
    Where-Object { $_.GroupUserName -eq $groupUserName } | 
    Select-Object -First 1

    if (-not $Policy) {
        $Policy = New-Object ($policyType)
        $Policy.GroupUserName = $GroupUserName
        $Policy.Roles = @()
        $Policies += $Policy
        $msg = "[Add-SSRSItemSecurity()] Adding new policy: '{0}'" -f $GroupUserName
        Write-Host $msg
    }

    $r = $Policy.Roles |
        Where-Object { $_.Name -eq $role } |
        Select-Object -First 1
    if (-not $r) {
        $r = New-Object ($roleType)
        $r.Name = $role
        $Policy.Roles += $r
        $msg = "[Add-SSRSItemSecurity()] Adding new role: '{0}'" -f $role
        Write-Host $msg
    }

    $ssrsProxy.SetPolicies($itemPath,$policies);
}

Someone please help. Thanks

MSBI-Geek
  • What code have you written so far, and has it given you any errors? This sort of process has been repeatedly discussed on this site, so there should be an answer that fits your needs, unless the situation is very unique. – gravity Jun 01 '16 at 17:26
  • No errors as I haven't tried any yet. I don't find a way to remove folder security. I have updated the question with the code I'm using to create folders and add security. – MSBI-Geek Jun 02 '16 at 08:33

1 Answer


Here is the code to remove a user from all folders or a specific folder.

I also wrote about this and similar scripts on SQLShack

#---------------------------------------------
# Author:   Craig Porteous
#           @cporteous
# Synopsis: Remove a specific user/group from 
#           all SSRS (native mode) folders. 
#           Excludes inherited folders
#---------------------------------------------

Clear-Host
$ReportServerUri = 'http://PorteousSQL1/ReportServer/ReportService2010.asmx?wsdl'
$InheritParent = $true
$GroupUserName = 'PORTEOUSSQL1\pInstall'
$folder = '/'

$rsProxy = New-WebServiceProxy -Uri $ReportServerUri -UseDefaultCredential
#List out all subfolders under the parent directory
$items = $rsProxy.ListChildren($folder, $true) | `
         SELECT TypeName, Path, ID, Name | `
         Where-Object {$_.typeName -eq "Folder"}
#Iterate through every folder        
foreach($item in $items)
{
    $Policies = $rsProxy.GetPolicies($Item.Path, [ref]$InheritParent)
    #Skip over folders marked to Inherit permissions. No changes needed.
    if($InheritParent -eq $false)
    {
        #List out ALL policies on folder but do not include the policy for the specified user/group
        $Policies = $Policies | Where-Object { $_.GroupUserName -ne $GroupUserName }
        #Set the folder's policies to this new set of policies
        $rsProxy.SetPolicies($Item.Path, $Policies);
    }
}
CPorteous
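The answer's loop skips folders that still inherit from their parent, which is the situation described in the question. As an added example (not code from either post), here is a single-folder counterpart to Add-SSRSItemSecurity that removes principals whether or not the policy list is inherited. It assumes the question's global `$ssrsProxy`; the function name `Remove-SSRSItemSecurity` and the empty-list guard are choices made for this example.

```powershell
# Added example, not from the original posts. Assumes $ssrsProxy is a
# ReportService2010 proxy created with New-WebServiceProxy, as in the question.
function Remove-SSRSItemSecurity
{
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Position=0,Mandatory=$true)]
        [string]$itemPath,

        [Parameter(Position=1,Mandatory=$true)]
        [string[]]$groupUserName
    )

    # GetPolicies returns the effective policies; $inherit comes back $true
    # when they are taken from the parent rather than stored on the item.
    $inherit = $true
    $policies = @($ssrsProxy.GetPolicies($itemPath, [ref]$inherit))

    # Split the list into the policies to keep and the ones being removed.
    $keep    = @($policies | Where-Object { $groupUserName -notcontains $_.GroupUserName })
    $removed = @($policies | Where-Object { $groupUserName -contains $_.GroupUserName } |
                 ForEach-Object { $_.GroupUserName })

    if ($removed.Count -eq 0) {
        Write-Verbose "No matching policy on '$itemPath'; nothing to change."
        return
    }

    # Guard chosen for this example: never write an empty policy list, so the
    # folder is not left without any principal that can still manage it.
    if ($keep.Count -eq 0) {
        throw "Refusing to remove every policy from '$itemPath'."
    }

    $action = "Remove {0} (currently inherited: {1})" -f ($removed -join ', '), $inherit
    if ($PSCmdlet.ShouldProcess($itemPath, $action)) {
        # SetPolicies stores an item-specific list, so a folder that was
        # inheriting stops inheriting from its parent after this call.
        $ssrsProxy.SetPolicies($itemPath, $keep)
    }
}

# Constructed usage; the folder path and account names are placeholders.
# Run with -WhatIf first to review the change before it is applied:
#   Remove-SSRSItemSecurity '/Finance' 'DOMAIN\user1','DOMAIN\user2' -WhatIf
```

To put a folder back under its parent's policies later, ReportService2010 provides `InheritParentSecurity($itemPath)`.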