Upgrading from a Prior Version
You can install or upgrade the report services components using the IBM Security Management Services installer and then use either the Report Services Configuration wizard or the Database Upgrade and Deployment wizard to get your database and reports set up. This table highlights which tools you can use, depending on whether you have a previous version of report services installed or not.
Do you have a previous version of report services installed? | Run the Verify Privilege Server Suite installer to do this | Then do this to get your database and reports set up |
---|---|---|
No | Install the report services components | Run the Configuration wizard to configure report services and deploy reports. For details, see Configuring Report Services and Deploying your Reports |
Yes | Upgrade your report services components. | Run the Database Upgrade and Deployment wizard to upgrade your report database and deploy reports. For details, see Upgrading your report services database. |
If you’re upgrading from a version of Verify Privilege Server Suite prior to 2016 or you don’t currently have report services installed, you’ll need to specifically indicate during the installation when you want to install the report services components - they aren’t installed by default during an upgrade.
Upgrading Your Report Services Database
If you’re upgrading from a previous release of report services, you need to make sure that your report database is up to date. You’ll also need to deploy your reports again so that they are based on the updated database.
The following SQL Server permissions are required in order to upgrade the report database with the Upgrade and Deployment wizard:
- Execute stored procedure permission on report database
- Create schema permission on report database
- Create table permission on report database
- Create view permission on report database
- Create stored procedure permission on report database
- Create type permission on report database
- Alter any schema permission on report database
- Insert, Delete, Update, Select and Execute permissions on the schema "Dbo", "RawData", "ReportData", "ReportView" and "ConfigData" on report database
In order to deploy reports, you must have the Microsoft SQL Server Reporting Services role of Content Manager. For details for how to grant SSRS roles, see Granting access in SSRS to reports.
To upgrade your report database:
-
From the Start menu, locate and run the IBM Security Report Services Upgrade and Deployment wizard.
-
In the initial screen, click Next to continue.
-
The wizard upgrades the database automatically.
The database upgrade changes are saved to the database after you exit the wizard later.
-
If you have deployed reports before, configure where to back up the existing reports and where the new reports will be deployed.
If you haven’t deployed reports before, you’re prompted to specify where to deploy reports.
If desired, you can select the option to not backup nor deploy reports.
Click Next to continue.
-
In the Summary screen, review the settings and if they’re correct, click Next to continue.
The wizard upgrades your report database.
-
In the completion screen, click Finish to exit the wizard.
(If the upgrade failed for any reason, the Summary screen displays some details about why the upgrade failed.)
Your report database is updated and your reports are deployed, if you specified the option to do so.
After upgrade, you should perform a full synchronization before an incremental update is allowed. (Ref: CS-40029a)
Upgrading from Versions Before 2016
As of Verify Privilege Server Suite 2016 the report services feature provides reports. If you’re upgrading from a version prior to release 2016 and you’re accustomed to the Access Manager reports, this section covers the differences between the reports.
If you want to know which IBM Security report services reports correspond to the Access Manager reports, below is a list. The reports are listed according to the Access Manager report so that you can easily determine which new report you want to use instead.
Classic Zone Access Manager Reports
These Classic Zone reports correspond to the report services reports as follows:
Access Manager report name | Includes this information by default | IBM Security report services report name |
---|---|---|
Classic Zone - Authorization Report for Computers | Lists each computer in the zone and indicates which users are allowed to access each computer. | Authorization Report |
Classic Zone - Authorization Report for Users | Lists each user account in the zone and indicates which computers each user can access. | |
Classic Zone - User Privileged Command Rights Grouped by Zone | Lists the privileged commands that each user has permission to run and the scope to which the user’s rights apply. | Classic Zone - User Privileged Command Rights Report |
Classic Zone - User Role Assignments Grouped by Zone | Lists the role assignments for each user in each zone. | Classic Zone - User Role Assignment Report |
Classic Zone - Users Report | Lists information from the UNIX profile for each user in each classic zone. | |
Classic Zone - Zone Role Privileges | Lists the roles that are defined for each classic zone and the rights granted by each of these roles. | Zone Role Privileges Report |
Hierarchical Zone Access Manager Reports
These Hierarchical Zone reports correspond to the report services reports as follows:
Access Manager report name | Includes this information by default | IBM Security report services report name |
---|---|---|
Hierarchical Zone - Computer Effective Audit Level | Lists the audit level in effect for computers in each zone. | Hierarchical Zone - Effective Audit Level |
Hierarchical Zone - Computer Effective Rights | Lists the privileges granted on each computer. | Hierarchical Zone - Effective Rights Report |
Hierarchical Zone - UNIX User Effective Rights | Lists the effective rights for each UNIX user on each computer. The report shows the name of the right, it’s type, and where it is defined. | |
Hierarchical Zone - Windows User Effective Rights | Lists the effective rights for each Windows user on each computer. The report shows the name of the right, it’s type, and where it is defined. | |
Hierarchical Zone - Computer Effective Roles | Lists the roles assigned on each computer. | Hierarchical Zone - Effective Role Report |
Hierarchical Zone - Computer Role Assignments | Lists the computer roles that are defined for each zone. The report includes the users and groups and their associated roles. | Hierarchical Zone - Computer Role Assignments Report |
Hierarchical Zone - Computer Role Membership | Lists the computer roles that are defined for each computer and the zone to which they belong. | Hierarchical Zone - Computer role Membership Report |
Hierarchical Zone - Computer Role Membership Grouped by Zone | Lists the computer roles that are defined for each computer grouped by the zone to which they belong. |
All Zone Access Manager Reports
These reports correspond to report services reports as follows:
Access Manager report name | Includes this information by default | IBM Security report services report name |
---|---|---|
Computer Summary Report | Lists computer account information for each computer in each zone. | Computers Summary Report |
Computers Report | Lists computer account information for each computer in each zone. | |
Groups Report | Lists group information for each group in each zone. | Groups Report |
Stale Computers Report | Lists the stale computers. | Stale Computers Report |
User Accounts Report | Lists account details for the users that have UNIX profiles in each zone. The report includes the Active Directory display name, the Active Directory login name, the Active Directory domain for the account, and details about the account status, such as whether the account is configured to expire, locked out, or disabled and the date and time of the account’s last login. | User Accounts Report |
Zones Report | Lists the zone properties for each zone. The report includes the zone name, list of available shells, the default shell, the default home directory path, the default primary group, the next available UID, reserved UIDs, the next available GID, and reserved GIDs. | Zones Report |
Reports that are New to Access Manager Report Users
In addition to converting the content of the Access Manager reports into the report services reports, there are also the following new reports:
- Hierarchical Zone - Computer Role Effective Assignments Report (one for UNIX, one for Windows)
- Hierarchical Zone - Zone Effective Assignments Report (one for UNIX, one for Windows)
- Attestation reports for SOX and PCI compliance
Upgrading the Reporting Database Silently
If desired, you can upgrade your report services database without any user interaction, after you install the latest version of the Report Services components. You supply any of the parameters in the table below when you run the command line program. These parameters match the settings in the Upgrade and Deployment wizard.
Parameter name | Parameter type | Description | Example |
---|---|---|---|
ReDeployReport | switch | Specifies whether or not to redeploy reports after you upgrade the database. If you include this parameter, the service will redeploy reports. If you don't include this parameter, the service doesn't redeploy reports. | --ReDeployReport
|
ReportBackupFolder | string | Specifies the path and folder location to backup existing reports before upgrading. This option only applies if you specify ReDeployReport to yes. If you don't specify a value for this property, the service uses the default value of "Backup reports". | |
WebServiceURL | string | Specifies the web service URL for deploying reports. You use the web service URL to read reports. If you don't specify this value, the service uses the current setting. | "ReportWebServiceUrl": "http://server1/ReportServer_REPORTS " |
ReportManagerURL | string | Specifies the report manager URL. You use this URL to edit, publish, and administer reports. If you don't specify this value, the service uses the current setting. | "ReportManagerUrl": "http://server1/Reports_REPORTS" |
To silently upgrade Report Services:
-
Install the latest version of the Report Services components. For details, see Silently installing Report Services.
-
At the command line (be sure to run as administrator), run the following command with the desired upgrade parameters, as listed in the table above. None of the parameters are mandatory.
Centrify.Report.Upgrade.Cli.exe --ReDeployReport --ReportBackupFolder "previous-reports"
The upgrade program lists out each upgrade task that it performs as it progresses. When the program finishes, there's a message that says the upgrade is finished.