Securable items
Reporting Services uses role-based security to control access to items that are stored on a report server. When you grant a user access to a report server, you typically do so by creating a pair of role assignments. You create one at the site level and one on Home, which is the root node of the report server folder hierarchy.
Security is inherited within the report server folder hierarchy. Creating role assignments at the site level and on the Home folder sets permission inheritance that extends to all items and operations on a report server.
You can override permission inheritance by defining security for individual items. Items that you can secure individually include:
Folders
Reports
Report models
Resources
Shared data sources
Shared datasets
Other constructs, such as schedules and subscriptions, aren't explicitly secured. Schedules and subscriptions operate within the security of a report.
Item descriptions
The following table lists securable items and describes their characteristics.
| Item | Characteristics |
|---|---|
| Folders | Folder security applies to the folder itself and the items it contains. The Home folder is the root node of the folder hierarchy. Security that you set for this folder establishes the initial security settings for all subordinate folders, reports, resources, and shared data sources in the folder hierarchy. For more information, see Secure Folders. My Reports is a special-purpose folder that is secured through an implied role assignment based on a dedicated role. For more information, see Secure My Reports. |
| Reports | Reports and linked reports can be secured to control the range of actions that users can perform, such as changing the properties of a given report. Report history is secured through the report that contains the history. You can't secure individual snapshots within report history. For more information about report security, see Secure reports and resources. |
| Report models | You can specify role assignment on all or part of a report model. Because report models can be extensive, you might want to secure the model items that map to confidential data. |
| Resources | Resources can be secured to control access to the resource itself and its properties. Only stand-alone resources can be secured as separate items. Resources that are embedded within a report can't be secured separately from that report. For more information about resource security, see Secure Reports and Resources. |
| Shared data sources | Shared data sources can be secured to limit access to the item and its property pages. For more information, see Secure shared data source items. |
| Shared datasets | Shared datasets can be secured to control the range of actions that users can perform, such as viewing or changing the definition, or changing the properties of a given shared dataset. For more information, see Secure shared dataset items. |
Related content
Grant permissions on a native mode report server
Create, delete, or modify a role (Management Studio)
Grant user access to a report server (Report Manager)
Modify or delete a role assignment (Report Manager)
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for