Other day,I was trying to create my first SCCM Configmgr SSRS report with RBA (role based administration) what it means is ,data for all reports included with Configuration Manager is filtered based on the permissions of the administrative user who runs the report. Administrative users with specific roles can only view information defined for their roles.
The report which was trying to create : Get the Status of Bitlocker for all physical devices(Laptop and desktops) for specific collection .The main difference between the normal SQL code and SQL code that you use for RBA reports is ,you simply replace V_ with fn_rbac_ and append (@userSIDs) at the end of the SQL view name . SQL code i used in this report with RBA is given at the end of the post.
Since the report has collection prompt ,i created dataset for collection that also uses fn_rbac and tried to run the report .For some reason ,it failed to run with following error code.
Error: " The report parameter 'A' has a default value or valid value that depends on the report parameter 'A'. Forward dependencies are not valid ".
The above screen clearly says that ,COLLID prompt depends on the report parameter UserSIDs which is another parameter,hence forward dependencies are not valid. In SSRS ,the parameters always executed in specific order how you define them. All parameters cannot run at time.
If you look at my parameters in my SSRS ,they are in order 1)CollID 2)usertokenIDs and 3)UserIDs.
CollID has UserIDs parameter which cannot accept forward dependencies.
I need to change the order of parameters how they execute .So in your reporting tool, (I use visual Studio 2012) ,click on the parameters ,select the parameter value ,select the arrow to change the order of parameters and run the report.
I have to pull down the COLLID parameter to last to fix my issue here.
Download the SSRS report with RBA enabled from Technet Gallary.
SQL code to get the status of bitlocker for all physical devices from specific collection:
SELECT distinct SYS.Netbios_Name0 [Name],sys.User_Name0,
OS.Caption0 [OS],MEM.TotalPhysicalMemory0/1024 [Memory (MB)],
case when ev.protectionstatus0=1 then 'Yes' else 'No' end as 'IsDrive Bitlocker',
CONVERT(nvarchar(26), ws.LastHWScan , 100) [Last inventory],
CONVERT(nvarchar(26), sys.Last_Logon_Timestamp0 , 100) [Last Logontimestamp]
FROM fn_rbac_R_System(@UserSIDs) SYS
LEFT JOIN fn_rbac_GS_X86_PC_MEMORY(@UserSIDs) MEM on SYS.ResourceID = MEM.ResourceID
LEFT JOIN fn_rbac_GS_COMPUTER_SYSTEM(@UserSIDs) CS on SYS.ResourceID = CS.ResourceID
LEFT JOIN fn_rbac_GS_OPERATING_SYSTEM(@UserSIDs) OS on SYS.ResourceID=OS.ResourceID
--LEFT OUTER JOIN fn_rbac_R_User(@UserSIDs) vUSER ON vUSER.[User_Name0] = SYS.User_Name0
left join fn_rbac_GS_ENCRYPTABLE_VOLUME(@UserSIDs) EV on ev.resourceid=sys.resourceid
left join fn_rbac_GS_WORKSTATION_STATUS(@UserSIDs) ws on sys.ResourceID=ws.ResourceID
left join fn_rbac_FullCollectionMembership(@UserSIDs) fcm on sys.ResourceID=fcm.ResourceID
and cs.Model0 not like '%virtual%'
ORDER BY SYS.Netbios_Name0
If you want to run the above SQL code in SQL server management studio ,simply replace the @COLLID with collection ID and add Declare @UserSIDs as varchar(Max) = 'Disabled' at the beginning of the query .
select CollectionID, Name from fn_rbac_Collection(@UserSIDs)
order by Name
Thank You so much for your sharing,İt’s was to much helpful for me. Thank you again.
How to make a RBAC query if there's no 'V_' at the table name?
My table is called vSMS_G_System...
for rbac, you should look at fn_ .All rbac starts with fn_.
How do I modify your report to show what the bitlocker encryption strength is as well
If you know the SQL view that store the bitlocker strength then you can add the SQL view data into the report.
If you do not have the SQL data in database ,you might need to identify where does the strength info stored in .Is it in registry then use regkey2mof to get into SQL.
How do I modify your report so it show's what the BitLocker Encryption Strength is as well?
Can you upload rdl report pls. thx.
its uploaded, check the blog post for technet gallery link.