About configuring the Reporting Services data sources to use Stored Credentials or Windows Integrated Authentication to access the Analysis Services cubes
Before granting users access to reports, you must determine the level of control that you need over the reports and the information within the reports. How Reporting Services data sources is configured to access the Analysis Service cubes determines your level of control over reports and information within the reports.
The Authentication Type lets you choose how to configure the Reporting Services. You can use Stored Credentials or Windows Integrated Authentication as the Authentication Type. In the Symantec Management Console, navigate to the IT Analytics > Settings. Under Reporting Server on the SQL Server Settings tab, you can view the Authentication Type that you selected when you initially configured IT Analytics Solution.
Stored Credentials explicitly defines the user credentials. It automatically manages authentication across all application tiers because access to Reporting Services is always authenticated with the same rights for all users. After a user logs on to IT Analytics, all user inquiries to IT Analytics reports impersonate the user privileges that are specified in Stored Credentials. You can grant individual access to the reports, but you cannot control individual access to the information within the reports.
For example, you can allow the Asset managers to view the Asset Management reports. You can allow the Patch Management administrators to view the Patch Management reports. If you want more granular control over the information in the reports, you need to use Windows Integrated Authentication.
Windows Integrated Authentication lets a user's Windows credentials pass through to the Reporting Server. This method is recommended for restricting access to the Reporting Services on a per-user basis. If you use Windows Integrated Authentication, additional configuration might be necessary to ensure that authentication is appropriately managed across all application tiers.
Windows Integrated Authentication lets you grant individual access to the reports. It also provides a more granular control over the information that you allow users to see in the reports. Windows Integrated Authentication lets you filter the available cube data.
For example, you can allow Patch Management managers in different districts to view the same Patch Management reports. Because Windows Integrated Authentication lets you filter the available cube data, you can limit each Patch Management manager's view of the information within the reports. Now, the Patch Management managers can only view the information in the reports that is relevant to their district.
If you use Windows Integrated Authentication in the following environments, you need to configure Kerberos to allow a user's Windows credentials to be used for authentication purposes:
Symantec Management Platform is installed on a different server than SQL Server Analysis Services and Reporting Services, and the Report Server Authentication Type is set to Windows Integrated Authentication
The delegation features and impersonation features that are available with Windows Integrated Authentication can exist across multiple servers. In order for this feature to work, the network environment in which IT Analytics Solution is installed must be configured to use the Kerberos protocol. Without the Kerberos protocol, Windows credentials are passed across only one server connection before they expire. The Kerberos protocol allows credential delegation over multiple connections.
If Stored Credentials provides enough control over the reports, you can reconfigure the Reporting Services data sources to use Stored Credentials to access the Analysis Services cubes. If you need control over the information in the reports, you can reconfigure the Reporting Services data sources to use Windows Integrated Authentication to access the Analysis Services cubes.