Set up and manage report library security
The report library provides another level of security within Management Reporter. By default, only users who have the role of administrator can generate or view reports in the root library folder. Other users and groups must be granted permission to view, create, edit and delete an item in the report library. You must have the role of administrator to grant or modify these user and group permissions. For more information about how to change user and group permissions to the report library, see Change report library permissions.
Because all users are assigned to the Public folder, the administrator can change the default location of generated reports to be the Public folder, instead of granting permissions to each user and group for access to the report library folder. For more information, see Everyone group and Public folder.
For more information about what a user might see in the report library at different security levels, see MSDN Blog (Dynamics Corporate Performance Management).
This topic contains the following sections:
Security and user groups
Everyone group and Public folder
Granting permissions
Show Inherited Permissions option
Change report library permissions
Security and user groups
When validating a user’s access to a folder or report, the user’s group memberships are considered. For example, if you grant a group access to a report in the library, and then later add users to the group, the new users will gain access to the existing report. Alternatively, if a user is removed from a group, that user will no longer have access to the report that is provided by the security group. For more information about how to add or delete users and groups, see the “Manage users” and “Manage user groups” sections in Set up and manage users and groups.
Everyone group and Public folder
By default, new users are added to the Everyone group. This is a system group and cannot be modified. There is also a Public folder that can be accessed by all users who are included in the Everyone group. By default, generated reports are sent to the report library. Users can change to this public folder location to generate reports because all users have access to it. If the Public folder is not used, it can be renamed or deleted.
Granting permissions
A user who has the role of administrator can grant a user or a group permissions to the report library, or permissions to specific folders, reports, report versions, or external documents. If you grant permissions to the report library, those permissions cascade down into all folders, reports, and external documents in the report library. Similarly, if you grant permissions to a folder, those permissions cascade down into the subfolders, reports, report versions, and external documents for the folder.
Access to some menu commands in Desktop Viewer requires a combination of the correct Management Reporter role and the correct permission on the folder in the report library.
By default, the report library and all its folders and subfolders are visible to all Management Reporter users. Even though all users can see the names of all folders and subfolders in the report library, users can open and view only the reports and documents for which they have view permissions.
For reporting trees, report library security works together with unit security. For example, if you grant user permissions to individual units in a reporting tree in Report Designer, that user is automatically granted permission to that report in the report library. In other words, if you grant permissions to a reporting tree in Report Designer, you do not have to grant those permissions again after the report is generated.
Show Inherited Permissions option
The Report Library Permissions dialog box, which an administrator modifies to grant user and group view, edit, create, and delete permissions to report library objects, has an option called Show inherited permissions. This option shows or hides permissions that are inherited by the selected item, such as a report library folder, report, report version, or external document.
When the Show inherited permissions option is not selected, only permissions granted specifically for the selected object appear.
When the Show inherited permissions option is selected, permissions granted specifically for the selected report or item appear, in addition to permissions that have been inherited from a group, role, or folder. If permission is inherited from more than one folder, each folder location is displayed separately. For more information about how to access the Report Library Permissions dialog box, see Change report library permissions.
Change report library permissions
To give access to the contents of the report library to a user or a user group, you must have the role of administrator in Management Reporter. The administrator can grant view, create, edit, and delete permissions for the report library or for an item within it, such as a folder, report, version of a report, or external document to users.
Add report library permissions to a user or group
In Desktop Viewer, in the navigation pane, click Report Library.
Open the Report Library Permissions dialog box in one of the following ways:
Right-click a report library item, such as a report, and then click Report Library Permissions.
Click the permissions icon in the toolbar.
On Tools menu, click Report Library Permissions.
In the Report Library Permissions dialog box, select Show inherited permissions to view inherited permissions from the report library or other library items.
In the upper pane, select the report or document to modify permissions for.
Click Add.
In the Add Users or Groups dialog box, select the user or user group to add. To select more than one user or group, hold down the Ctrl key while you select users or groups.
Note
If a user or group does not appear in the Add Users and Groups dialog box, use Management Reporter security to add the user, and then return to Desktop Viewer to add permissions for the users and groups. For more information, see the “Manage users” and “Manage user groups” sections in Set up and manage users and groups.
Click OK to close the Add Users or Groups dialog box.
To modify the view, edit, create, or delete permissions for individual users or groups, select or clear those options for a user or group in the lower pane of the Report Library Permissions dialog box.
Note
Some permissions are defined by default, depending on the user's assigned role. These options cannot be changed. For more information about user roles and permissions, see the “Permissions” section in Set up and manage users and groups.
Modify report library permissions from a user or group
In Desktop Viewer, in the navigation pane, click Report Library.
Right-click a report library item, such as a report, and then click Report Library Permissions.
To view inherited permissions, select Show inherited permissions.
To modify access to one item in the report library, select the item in the upper pane of the Report Library Permissions dialog box, and make the appropriate modifications to the users and groups listed in the lower pane.
To modify access to the contents of the report library, select Library in the upper pane, and make the appropriate modifications to the users and groups listed in the lower pane.
To remove access to an item in the report library, select the item in the upper pane. The users and groups that have permission to that report are displayed in the lower pane. Select a user or group in the lower pane, and then click Remove.
A remove verification message is displayed. Click OK to remove the permission for the user or group.
Click OK to close the Report Library Permissions dialog box and save settings.