I am reading this documentation http://msdn.microsoft.com/en-us/library/ee210591.aspx It says that if RDL Sandboxing is enabled the default limit of the following parameters would be 1000/100 MaxExpressionLength Maximum number of characters allowed in RDL expressions. Default: 1000 MaxResourceSize Maximum number of KB allowed for an external resource. Default: 100 MaxStringResultLength Maximum number of characters allowed in a return value for an RDL expression. Default: 1000 MaxArrayResultLength Maximum number of items allowed in an array return value for an RDL expression. Default: 100 My question is that if RDLSandboxing was NOT enabled... was there any limit whatsoever on the MaxExpressionSize or MaxResourceSize?? Is there any way I can put the RDLSandboxing element (just to disable custom code) and put some values for the fields mentioned above so that there is no limit on expression size or data returned from an expression. I just want the RDLSandbox to disable custom code .... I don't want any other limitation to be put into place on expressions in terms of size, data returned or types used. MSDNStudent Knows not much!

My question is that if RDLSandboxing was NOT enabled... was there any limit whatsoever on the MaxExpressionSize or MaxResourceSize?? Is there any way I can put the RDLSandboxing element (just to disable custom code) and put some values for the fields mentioned above so that there is no limit on expression size or data returned from an expression. Hello, When the RDL Sandboxing is not enabled, there is no explicit limit on MaxExpressionLength or MaxResourceSize. Otherwise, All of the RDL Sandboxing features are disabled or enabled together. There is no way to turn on or off individual RDL Sandbox restrictions. We could just set all of these settings to very large values so that users could never hit the restriction in practice. However, please keep in mind that enabling RDL Sandboxing also places restrictions on the types, namespaces, method, and properties that can be referenced from RDL expressions. Those restrictions are more difficult to make transparent because the list of allowed types is a whitelist, so we must list every type or namespace we want users to be able to access. Regards, Bin LongBin Long TechNet Community Support

Bin, Thanks for your answer. Since you are associated with MS can you please take my message to SSRS Team. In SharePoint integrated scenario allowing the <code> element in SSRS can be very problematic. Reason is that SharePoint itself executions all custom code in SharePoint using the SharePoint User Code Host Service. and it has lots of code policy and governance on what can be done. Now in SSRS 2008 R2 if we allow custom code the there are 2 custom code strategies. one is using the SharePoint custom code and the other is using SSRS. This is something which no customer would want. So either SSRS 2008 R2 should execute the <code> element in the SharePoint sandbox (which I know it doesn't) OR only the <code> element should be disabled without putting any limitation on other aspects of SSRS. So there should be more fine grained control on whether people want embedded code in SSRS Reports or not. MSDNStudent Knows not much!

Hello, If you have any concern about this, you can also submit a wish to the Microsoft Connect at https://connect.microsoft.com/SQLServer/Feedback. Thanks for your understanding. Regards, Bin LongBin Long TechNet Community Support

I hate Microsoft connect. Anything I put there is closed with status "by design" or "fixed in next version" MSDNStudent Knows not much!

Done :) https://connect.microsoft.com/SQLServer/feedback/details/742461/rdlsandboxing-element-in-ssrs-2008-r2 Please vote :) MSDNStudent Knows not much!