Predefined Role Assignments
Reporting Services provides default security through role assignments that are configured during setup. These role assignments define access for local administrators. The preset role assignments consist of built-in Windows accounts, roles, and a security context.
Default Role Assignments for Administrators
The following table summarizes the predefined role assignments.
| Built-in group | Role | Securable item |
|---|---|---|
Administrators |
System |
|
Administrators |
Folder hierarchy starting at the Home folder (the root node) |
Notice that two role assignments are necessary to provide wide-ranging access to a report server. System-level role assignments support operations that apply to the report server site as a whole. Item-level role assignments provide access to the folder hierarchy. These two security zones are mutually exclusive.
Extending Access to Other Users
To open a report server to other users, you must create additional role assignments. One option to consider is using built-in accounts such as Everyone (an Internet Information Services account) or Users (a global domain account), and then assign those accounts to roles that provide read-only access to a report server.
The following table shows a combination of roles that are easy to define if you want to provide limited access to a large group of users right away. For step by step instructions, see Server Deployment Checklist.
| Built-in group | Role | Securable item |
|---|---|---|
Everyone |
System |
|
Everyone |
Folder hierarchy starting at the Home folder (the root node) |
.gif "ms159213.security(en-US,SQL.90).gif") Security Note: |
|---|
| The built-in Everyone and Users groups include all user accounts that have access to your Web server or that are defined in your domain. If you do not want to provide view-only access to this many users, you should choose different accounts. |
When you define role assignments for report users, you should define one for the system and one for the folder hierarchy.
For many organizations, four role assignments can provide adequate access for administrators and the majority of users who require reports and reporting features. However, you can easily add more role assignments to accommodate particular users who have different access requirements. Typically, you will create additional role assignments for folders or reports that relate to specific users or groups; for example, you may want to add role assignments to a group's folders that give individuals in that group the capability to manage those folders and their contents.
If you plan to deploy confidential reports, create role assignments that allow you to stage and test those reports in a secure manner and that allow only authorized users to view them. For more information, see Configuring Security Through Role Assignments.
See Also
Tasks
How to: Create, Delete, or Modify a Role Assignment (Management Studio)
How to: Create, Delete, or Modify a System Role Assignment (Report Manager)
How to: Create, Delete, or Modify a Role (Management Studio)
How to: Create, Delete, or Modify a Role (Report Manager)
Concepts
Creating, Modifying, and Deleting Role Assignments
Role Assignments
Securable Items
Predefined Roles Overview
Using Default Security
Managing Permissions and Security for Reporting Services