Lesson 2: Setting Item-level Permissions on a Report Server
New: 17 July 2006
Access to reports, folders, models, shared data sources, and resources is controlled through item-level role assignments that you create in the Report Server Folder Hierarchy. Each user who requires access to a report server must have at least one item-level role assignment. If you define role assignments on the root folder (Home), you can use inherited security to allow the same level of access for all items that are stored on the server. The following diagram provides an illustration of the folder hierarchy that is secured through item-level role assignments:
Reporting Services provides predefined roles to make setting permissions easier. You can choose from a variety of roles to create assignments with increasing levels of permissions.
- Assign the Browser role to users who will view reports and create individual subscriptions. For more information, see the Browser Role.
- Assign the Report Builder role to users who will perform all of the tasks provided in the Browser role, plus create reports in Report Builder. For more information, see the Report Builder Role.
- Assign the Publisher role to users who will perform all of the tasks provided in the previous roles, with additional permissions for publishing reports and models from Business Intelligence Development Studio. For more information, see the Publisher Role.
- Assign the Content Manager role to a small set of users who will manage content on a report server. For more information, see the Content Manager Role.
To define role assignments, you must have sufficient permissions. On a new installation of Reporting Services, you must be a member of the local Administrators group to create role assignments.
This lesson assumes that you completed Lesson 1: Setting System-level Permissions on a Report Server and have an open connection to a report server instance in Management Studio. If you do not have an open connection, log on to your computer as a local administrator, start Management Studio, and connect to a report server. For more information, see How to: Register and Connect to a Report Server (Management Studio).
To create an item-level role assignment
Expand the report server node to view the folder hierarchy.
Right-click Home and select Properties.
Click the Add Group or User button.
Type the name of a domain group account that includes all of the users who require permissions to view reports. Specify the account in this format: domain\group. The account should be in the same domain or in a trusted domain. If you do not have a domain group that fits this description, you can specify individual domain user accounts instead.
Click OK to close the Add Group or User dialog box.
On the permissions page, select the Browser role for the new group you just added.
Add another group or user by clicking Add Group or User again.
Type the name of a domain user account for a user who has administrative responsibilities for this report server. Specify the account in this format: domain\user. The account should be in the same domain or in a trusted domain.
Click OK to close the Add Group or User dialog box.
On the permissions page, select the Content Manager role for the new group you just added. The following diagram provides an illustration of how the page might look after you add several users:
Click OK to save the role assignments.
Next Steps
You have successfully created item-level role assignments that grant minimal permissions to a domain group account and administrative permissions to a specific user account. To check your work, ask a user from the Browser role and the Content Manager role to open Report Manager. The user who has minimal permissions should be able to view items and run reports. The user who as elevated permissions should see additional property pages for each item, and be able to view more properties on the Site Settings page.
Next, you will learn how to create an item-level role assignment that provides access to a single report that is in a subfolder. See Lesson 3: Setting Permissions on Specific Items.
See Also
Other Resources
How to: Start Report Manager (Report Manager)
Managing Permissions and Security for Reporting Services
Predefined Role Assignments